8.6

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2024-56509

GHSA ID

GHSA-j5vv-6wjg-cfr8

EPSS Score

0.30493%

CWE

CWE-22

Published

12/27/2024

Updated

12/27/2024

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-56509

CVE-2024-56509: changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal

Summary

Improper input validation in the application can allow attackers to perform local file read (LFR) or path traversal attacks. These vulnerabilities occur when user input is used to construct file paths without adequate sanitization or validation. For example, using file:../../../etc/passwd or file: ///etc/passwd can bypass weak validations and allow unauthorized access to sensitive files. Even though this has been addressed in previous patch, it is still insufficient.

Details

The check in this line of code is insufficient.

if re.search(r'^file:/', url.strip(), re.IGNORECASE):

The attacker can still bypass this by using: -file:../../../../etc/passwd -file: ///etc/passwd (with space before /)

PoC

Open up a changedetection.io instance with a webdriver configured.
Create a new watch with file:../../../../etc/passwd.
Check the watch preview.
The contents of /etc/passwd should pop out.

Screenshots

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2024-56509

CVE-2024-56509:

8.6

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2024-56509

GHSA ID

GHSA-j5vv-6wjg-cfr8

EPSS Score

0.30493%

CWE

CWE-22

Published

12/27/2024

Updated

12/27/2024

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
changedetection.io	pip	< 0.48.05	0.48.05

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from an improper regex check in the URL validation logic. The original code in processors/__init__.py used re.search(r'^file:/', ...) to detect file protocol usage, but this failed to account for variations like missing slashes or added path traversal sequences. The commit f7e9846 explicitly modified this regex pattern to r'^file:', confirming this was the vulnerable function. The function's role in processing URLs and the direct correlation to the CWE-22/200 vulnerabilities described in the advisory further support this conclusion.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

8.6

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2024-56509: changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal

Summary

Details

PoC

Screenshots

CVE-2024-56509:

8.6

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2024-56509: changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal

Summary

Details

PoC

Screenshots

Technical Details

Basic Information

Basic Information

8.6

8.6

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI