CVE-2024-25123

Name of the Vulnerable Software and Affected Versions MSS (Mission Support System) versions prior to 8.3.3

Description MSS is an open source package designed for planning atmospheric research flights. The issue concerns a method in the index.py file that is vulnerable to path manipulation attacks. An attacker can modify file paths to acquire sensitive information from different resources by assigning a value containing ../ to the filename variable. This allows the attacker to manipulate the file being read and potentially gain access to other files on the host filesystem.

Recommendations For MSS versions prior to 8.3.3, upgrade to version 8.3.3 to address the issue. As a temporary workaround, consider restricting access to the filename variable to prevent path manipulation attacks. Additionally, restrict access to sensitive files and resources to minimize the risk of exploitation.