PT-2024-20766 · Treasure Data · Digdag

Published: 2024-02-13 · Updated: 2024-10-21 · CVE-2024-25125

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Digdag versions prior to 0.10.5.1

Description

The issue is a path traversal vulnerability in Treasure Data's digdag workload automation system when it is configured to store log files locally. This may lead to information disclosure.

Recommendations

For versions prior to 0.10.5.1, upgrade to release version 0.10.5.1 to resolve the issue. As a temporary workaround, consider disabling local log file storage until the upgrade is applied. Restrict access to sensitive information to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2024-25125
GHSA-5MP4-32RR-V3X5

Affected Products

Digdag