PT-2025-1308 · Devdojo · Devdojo Voyager
Yaniv Nizry · Published 2025-01-30 · Updated 2025-09-22 · CVE-2024-55415
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
DevDojo Voyager versions 1.8.0 and earlier
Description
The issue allows an attacker to gain access to sensitive information through path traversal at the "/admin/compass" API endpoint. This vulnerability is related to errors in handling relative paths to directories, which can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations
For DevDojo Voyager versions 1.8.0 and earlier, consider restricting access to the "/admin/compass" endpoint until a patch is available.
As a temporary workaround, limit the exposure of sensitive information that could be accessed through this endpoint.
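While the endpoint is still reachable, web server access logs can be reviewed for traversal sequences sent to "/admin/compass". The following is an added example, not code from this advisory or from the Voyager project; it assumes combined-format access logs, and the query parameter name `x`, the addresses and the log lines are constructed placeholders.

```python
import re
from urllib.parse import unquote

ENDPOINT = "/admin/compass"
# Request line as it appears in common/combined access log format.
REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(target):
    """True if the decoded request target contains a '..' path segment."""
    decoded = fully_decode(target).replace("\\", "/")
    # Split on path and query delimiters so values like "x=../a" yield segments.
    return ".." in re.split(r"[/?&=;]", decoded)

def suspicious_compass_requests(log_lines):
    """Return log lines that hit the compass endpoint with a traversal sequence."""
    hits = []
    for line in log_lines:
        m = REQ_RE.search(line)
        if not m:
            continue
        target = m.group("target")
        path = fully_decode(target.split("?", 1)[0]).lower()
        on_endpoint = path.rstrip("/") == ENDPOINT or path.startswith(ENDPOINT + "/")
        if on_endpoint and has_traversal(target):
            hits.append(line)
    return hits

# Constructed sample lines; "x" is a placeholder, not the real parameter name.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Feb/2025:10:00:00 +0000] "GET /admin/compass HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Feb/2025:10:00:05 +0000] "GET /admin/compass?x=..%2f..%2fexample.txt HTTP/1.1" 200 812',
    '198.51.100.7 - - [01/Feb/2025:10:00:09 +0000] "GET /admin/compass?x=%252e%252e%252fexample HTTP/1.1" 200 90',
    '192.0.2.10 - - [01/Feb/2025:10:01:00 +0000] "GET /admin/compass?x=release..notes HTTP/1.1" 200 300',
    '192.0.2.44 - - [01/Feb/2025:10:02:00 +0000] "GET /admin/media?x=../a HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in suspicious_compass_requests(SAMPLE_LOG):
        print(hit)
```

Only the two lines carrying encoded `..` segments to the compass endpoint are reported; the benign `release..notes` value and the request to a different path are not.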
Path traversal
Relative Path Traversal
Affected Products
Devdojo Voyager