CVE-2024-55415
published 2025-01-30

CVE-2024-55415: DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass.

Priority: P3 (45), medium
CVSS 3.1 base score: 5.7
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Tags: EXPLOIT
EPSS: 14.59% (96.2th percentile)
DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass.

Affected (2 ranges)

Vendor            Product   Version range   Fixed in
tcg               voyager   0 – 1.8.0       (none listed)
thecontrolgroup   voyager   <= 1.8.0        (none listed)

Detection & IOCs (extracted from sources)

url:   /admin/compass
url:   /admin/compass?download={{base64('/etc/passwd')}}
other: regex('root:.*:0:0:', body)
  • Detect path traversal attempts against the /admin/compass endpoint by monitoring for base64-encoded path strings in the 'download' query parameter.
  • A successful exploitation returns HTTP 200 with content matching 'root:.*:0:0:' in the response body, indicating /etc/passwd was read.
  • The path traversal flaw enables attackers to manipulate file paths and delete or access arbitrary files on the server.
  • Monitor for HTTP 302 redirects from /admin/compass as an intermediate indicator during exploitation attempts.
  • Exploitation requires an authenticated Voyager admin session; the attacker must trick an authenticated user into clicking a malicious link (one-click attack vector).
  • All versions through 1.8.0 are affected and no official patch exists; detections should cover all Voyager deployments up to and including 1.8.0.