CVE-2024-2056

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Artica Proxy (affected versions not specified)

Description The issue allows services running and bound to the loopback interface on the Artica Proxy to be accessible through the proxy service. Specifically, the tailon service, which runs as the root user and listens on TCP port 7050, can be used to view the contents of any file on the Artica Proxy. Security issues related to exposing this network service are documented on gvalkov's tailon GitHub repository.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Authentication Bypass Using an Alternate Path or Channel

Files Accessible to External Parties

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-288CWE-552

Related Identifiers

CVE-2024-2056

GO-2024-2612

Affected Products

Artica Proxy

Tailon

CVE-2024-2056

Weakness Enumeration

Related Identifiers

Affected Products

References · 10