How severe is CVE-2024-53844?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2024-53844?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2024-53844

MEDIUM Year: 2024

CVSS v3 Score

6.3

Medium

Weakness Type

CWE-22

View all →

Vulnerability Description

E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and manage LLM API bots. A path traversal vulnerability exists in the backup export functionality of EDDI, as implemented in `RestExportService.java`. This vulnerability allows an attacker to access sensitive files on the server by manipulating the `botFilename` parameter in requests. The application fails to sanitize user input, enabling malicious inputs such as `..%2f..%2fetc%2fpasswd` to access arbitrary files. However, the **severity of this vulnerability is significantly limited** because EDDI typically runs within a **Docker container**, which provides additional layers of isolation and restricted permissions. As a result, while this vulnerability exposes files within the container, it does not inherently threaten the underlying host system or other containers. A patch is required to sanitize and validate the botFilename input parameter. Users should ensure they are using version 5.4 which contains this patdch. For temporary mitigation, access to the vulnerable endpoint should be restricted through firewall rules or authentication mechanisms.

CVE-2016-7169

MEDIUM

CVSS:6.3(Medium)

Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenti...

CWE-222016

CVE-2017-9640

MEDIUM

CVSS:6.3(Medium)

A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC W...

CWE-222017

CVE-2020-10014

MEDIUM

CVSS:6.3(Medium)

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to break out of its san...

CWE-222020

CVE-2022-46902

MEDIUM

CVSS:6.3(Medium)

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows ...

CWE-222022

CVE-2023-42961

MEDIUM

CVSS:6.3(Medium)

A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14, macOS Ventura 13.6, macOS Monterey 12.7. A sandbox...

CWE-222023

CVE-2024-23793

MEDIUM

CVSS:6.3(Medium)

The file upload feature in OTRS and ((OTRS)) Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to dire...

CWE-222024

CVE-2024-53844

Vulnerability Description

Related Vulnerabilities

CVE-2016-7169

CVE-2017-9640

CVE-2020-10014

CVE-2022-46902

CVE-2023-42961

CVE-2024-23793