Search

Find a vulnerability

Search criteria

    8 vulnerabilities

    CVE-2024-12687 (GCVE-0-2024-12687)

    Vulnerability from cvelistv5 – Published: 2024-12-16 19:09 – Updated: 2024-12-17 14:31
    VLAI
    Title
    Insecure YAML Deserialization
    Summary
    Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    PlexTrac PlexTrac Affected: 1.61.3 , < 2.8.1 (semver)
    Create a notification for this product.
    Date Public
    2024-12-12 23:30
    Credits
    Ianis Bernard
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-12687",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-17T14:31:24.547160Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-17T14:31:34.017Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlexTrac"
              ],
              "product": "PlexTrac",
              "vendor": "PlexTrac",
              "versions": [
                {
                  "lessThan": "2.8.1",
                  "status": "affected",
                  "version": "1.61.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ianis Bernard"
            }
          ],
          "datePublic": "2024-12-12T23:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eDeserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes.\u003cbr\u003e\u003cbr\u003eThis issue affects PlexTrac: from 1.61.3 before 2.8.1.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes.\n\nThis issue affects PlexTrac: from 1.61.3 before 2.8.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-586",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-586 Object Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-16T19:09:08.481Z",
            "orgId": "5fea7123-217b-4b2d-ada8-8892719b43cd",
            "shortName": "PlexTrac"
          },
          "references": [
            {
              "url": "https://docs.plextrac.com/plextrac-documentation/master/security-advisories#release-2.11.0"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insecure YAML Deserialization",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5fea7123-217b-4b2d-ada8-8892719b43cd",
        "assignerShortName": "PlexTrac",
        "cveId": "CVE-2024-12687",
        "datePublished": "2024-12-16T19:09:08.481Z",
        "dateReserved": "2024-12-16T19:05:12.284Z",
        "dateUpdated": "2024-12-17T14:31:34.017Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-11839 (GCVE-0-2024-11839)

    Vulnerability from cvelistv5 – Published: 2024-12-13 05:51 – Updated: 2024-12-23 21:26
    VLAI
    Title
    Insecure Deserialization via Runbooks Imports
    Summary
    Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes.This issue affects PlexTrac: from 1.61.3 before 2.8.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    PlexTrac PlexTrac Affected: 1.61.3 , < 2.8.1 (semver)
    Create a notification for this product.
    Date Public
    2024-12-12 23:30
    Credits
    Ianis Bernard
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11839",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-23T21:26:16.301228Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-23T21:26:24.736Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Runbooks"
              ],
              "platforms": [
                "PlexTrac"
              ],
              "product": "PlexTrac",
              "vendor": "PlexTrac",
              "versions": [
                {
                  "lessThan": "2.8.1",
                  "status": "affected",
                  "version": "1.61.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ianis Bernard"
            }
          ],
          "datePublic": "2024-12-12T23:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes.\u003cp\u003eThis issue affects PlexTrac: from 1.61.3 before 2.8.1.\u003c/p\u003e"
                }
              ],
              "value": "Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes.This issue affects PlexTrac: from 1.61.3 before 2.8.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-586",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-586 Object Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-13T05:51:24.351Z",
            "orgId": "5fea7123-217b-4b2d-ada8-8892719b43cd",
            "shortName": "PlexTrac"
          },
          "references": [
            {
              "url": "https://docs.plextrac.com/plextrac-documentation/master/security-advisories#release-2.11.0"
            }
          ],
          "source": {
            "discovery": "USER"
          },
          "title": "Insecure Deserialization via Runbooks Imports",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5fea7123-217b-4b2d-ada8-8892719b43cd",
        "assignerShortName": "PlexTrac",
        "cveId": "CVE-2024-11839",
        "datePublished": "2024-12-13T05:51:24.351Z",
        "dateReserved": "2024-11-26T19:25:21.962Z",
        "dateUpdated": "2024-12-23T21:26:24.736Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-11838 (GCVE-0-2024-11838)

    Vulnerability from cvelistv5 – Published: 2024-12-13 05:51 – Updated: 2024-12-16 19:01
    VLAI
    Title
    Local File Inclusion
    Summary
    External Control of File Name or Path vulnerability in PlexTrac allows Local Code Inclusion through use of an undocumented API endpoint.This issue affects PlexTrac: from 1.61.3 before 2.8.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    Impacted products
    Vendor Product Version
    PlexTrac PlexTrac Affected: 1.61.3 , < 2.8.1 (semver)
    Create a notification for this product.
    Date Public
    2024-12-12 23:30
    Credits
    Ianis Bernard
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11838",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-16T19:01:19.398185Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-16T19:01:29.660Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlexTrac"
              ],
              "product": "PlexTrac",
              "vendor": "PlexTrac",
              "versions": [
                {
                  "lessThan": "2.8.1",
                  "status": "affected",
                  "version": "1.61.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ianis Bernard"
            }
          ],
          "datePublic": "2024-12-12T23:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "External Control of File Name or Path vulnerability in PlexTrac allows Local Code Inclusion through use of an undocumented API endpoint.\u003cp\u003eThis issue affects PlexTrac: from 1.61.3 before 2.8.1.\u003c/p\u003e"
                }
              ],
              "value": "External Control of File Name or Path vulnerability in PlexTrac allows Local Code Inclusion through use of an undocumented API endpoint.This issue affects PlexTrac: from 1.61.3 before 2.8.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-251",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-251 Local Code Inclusion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73 External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-13T05:51:12.475Z",
            "orgId": "5fea7123-217b-4b2d-ada8-8892719b43cd",
            "shortName": "PlexTrac"
          },
          "references": [
            {
              "url": "https://docs.plextrac.com/plextrac-documentation/master/security-advisories#release-2.11.0"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Local File Inclusion",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5fea7123-217b-4b2d-ada8-8892719b43cd",
        "assignerShortName": "PlexTrac",
        "cveId": "CVE-2024-11838",
        "datePublished": "2024-12-13T05:51:12.475Z",
        "dateReserved": "2024-11-26T19:25:20.831Z",
        "dateUpdated": "2024-12-16T19:01:29.660Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-11837 (GCVE-0-2024-11837)

    Vulnerability from cvelistv5 – Published: 2024-12-13 05:50 – Updated: 2024-12-16 19:02
    VLAI
    Title
    N1QL Injection
    Summary
    Improper Neutralization of Special Elements used in an N1QL Command ('N1QL Injection') vulnerability in PlexTrac  allows N1QL Injection.This issue affects PlexTrac: from 1.61.3 before 2.8.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an N1QL Command ('N1QL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    PlexTrac PlexTrac Affected: 1.61.3 , < 2.8.1 (semver)
    Create a notification for this product.
    Date Public
    2024-12-12 23:30
    Credits
    Radisauskas Arnoldas
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11837",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-16T19:02:47.318821Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-16T19:02:59.324Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlexTrac"
              ],
              "product": "PlexTrac",
              "vendor": "PlexTrac",
              "versions": [
                {
                  "lessThan": "2.8.1",
                  "status": "affected",
                  "version": "1.61.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Radisauskas Arnoldas"
            }
          ],
          "datePublic": "2024-12-12T23:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Special Elements used in an N1QL Command (\u0027N1QL Injection\u0027) vulnerability in PlexTrac\u0026nbsp; allows N1QL Injection.\u003cp\u003eThis issue affects PlexTrac: from 1.61.3 before 2.8.1.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Special Elements used in an N1QL Command (\u0027N1QL Injection\u0027) vulnerability in PlexTrac\u00a0 allows N1QL Injection.This issue affects PlexTrac: from 1.61.3 before 2.8.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66 N1QL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an N1QL Command (\u0027N1QL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-13T05:50:55.791Z",
            "orgId": "5fea7123-217b-4b2d-ada8-8892719b43cd",
            "shortName": "PlexTrac"
          },
          "references": [
            {
              "url": "https://docs.plextrac.com/plextrac-documentation/master/security-advisories#release-2.11.0"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "N1QL Injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5fea7123-217b-4b2d-ada8-8892719b43cd",
        "assignerShortName": "PlexTrac",
        "cveId": "CVE-2024-11837",
        "datePublished": "2024-12-13T05:50:55.791Z",
        "dateReserved": "2024-11-26T19:24:59.008Z",
        "dateUpdated": "2024-12-16T19:02:59.324Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-11836 (GCVE-0-2024-11836)

    Vulnerability from cvelistv5 – Published: 2024-12-13 05:50 – Updated: 2024-12-16 19:04
    VLAI
    Title
    Server-side Request Forgery
    Summary
    Server-Side Request Forgery (SSRF) vulnerability in PlexTrac allowing requests to internal system resources.This issue affects PlexTrac: from 1.61.3 before 2.8.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    PlexTrac PlexTrac Affected: 1.61.3 , < 2.8.1 (semver)
    Create a notification for this product.
    Date Public
    2024-12-12 23:30
    Credits
    Ianis Bernard
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11836",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-16T19:03:16.157033Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-16T19:03:29.336Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlexTrac"
              ],
              "product": "PlexTrac",
              "vendor": "PlexTrac",
              "versions": [
                {
                  "lessThan": "2.8.1",
                  "status": "affected",
                  "version": "1.61.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ianis Bernard"
            }
          ],
          "datePublic": "2024-12-12T23:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server-Side Request Forgery (SSRF) vulnerability in PlexTrac allowing requests to internal system resources.\u003cp\u003eThis issue affects PlexTrac: from 1.61.3 before 2.8.1.\u003c/p\u003e"
                }
              ],
              "value": "Server-Side Request Forgery (SSRF) vulnerability in PlexTrac allowing requests to internal system resources.This issue affects PlexTrac: from 1.61.3 before 2.8.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-664",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-664 Server Side Request Forgery"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-16T19:04:58.999Z",
            "orgId": "5fea7123-217b-4b2d-ada8-8892719b43cd",
            "shortName": "PlexTrac"
          },
          "references": [
            {
              "url": "https://docs.plextrac.com/plextrac-documentation/master/security-advisories#release-2.11.0"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Server-side Request Forgery",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5fea7123-217b-4b2d-ada8-8892719b43cd",
        "assignerShortName": "PlexTrac",
        "cveId": "CVE-2024-11836",
        "datePublished": "2024-12-13T05:50:35.088Z",
        "dateReserved": "2024-11-26T19:24:57.713Z",
        "dateUpdated": "2024-12-16T19:04:58.999Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-11835 (GCVE-0-2024-11835)

    Vulnerability from cvelistv5 – Published: 2024-12-13 05:49 – Updated: 2024-12-16 19:04
    VLAI
    Title
    Denial of Service
    Summary
    Uncontrolled Resource Consumption vulnerability in PlexTrac allows WebSocket DoS.This issue affects PlexTrac: from 1.61.3 before 2.8.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    PlexTrac PlexTrac Affected: 1.61.3 , < 2.8.1 (semver)
    Create a notification for this product.
    Date Public
    2024-12-12 23:30
    Credits
    Radisauskas Arnoldas
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11835",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-16T19:03:54.812554Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-16T19:04:04.338Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlexTrac"
              ],
              "product": "PlexTrac",
              "vendor": "PlexTrac",
              "versions": [
                {
                  "lessThan": "2.8.1",
                  "status": "affected",
                  "version": "1.61.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Radisauskas Arnoldas"
            }
          ],
          "datePublic": "2024-12-12T23:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Resource Consumption vulnerability in PlexTrac allows WebSocket DoS.\u003cp\u003eThis issue affects PlexTrac: from 1.61.3 before 2.8.1.\u003c/p\u003e"
                }
              ],
              "value": "Uncontrolled Resource Consumption vulnerability in PlexTrac allows WebSocket DoS.This issue affects PlexTrac: from 1.61.3 before 2.8.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-469",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-469 WebSocket DoS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:H/SC:H/SI:H/SA:N/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-13T05:49:58.882Z",
            "orgId": "5fea7123-217b-4b2d-ada8-8892719b43cd",
            "shortName": "PlexTrac"
          },
          "references": [
            {
              "url": "https://docs.plextrac.com/plextrac-documentation/master/security-advisories#release-2.11.0"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Denial of Service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5fea7123-217b-4b2d-ada8-8892719b43cd",
        "assignerShortName": "PlexTrac",
        "cveId": "CVE-2024-11835",
        "datePublished": "2024-12-13T05:49:58.882Z",
        "dateReserved": "2024-11-26T19:24:56.724Z",
        "dateUpdated": "2024-12-16T19:04:04.338Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-11834 (GCVE-0-2024-11834)

    Vulnerability from cvelistv5 – Published: 2024-12-13 05:49 – Updated: 2024-12-16 17:12
    VLAI
    Title
    Arbitrary File Write via PTRAC Import
    Summary
    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrary file writes.This issue affects PlexTrac: from 1.61.3 before 2.8.1.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    PlexTrac PlexTrac Affected: 1.61.3 , < 2.8.1 (semver)
    Create a notification for this product.
    Date Public
    2024-12-12 23:30
    Credits
    Selim Decamps
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11834",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-16T17:11:33.903862Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-16T17:12:47.266Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlexTrac"
              ],
              "product": "PlexTrac",
              "vendor": "PlexTrac",
              "versions": [
                {
                  "lessThan": "2.8.1",
                  "status": "affected",
                  "version": "1.61.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Selim Decamps"
            }
          ],
          "datePublic": "2024-12-12T23:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in PlexTrac allows arbitrary file writes.\u003cp\u003eThis issue affects PlexTrac: from 1.61.3 before 2.8.1.\u003c/p\u003e"
                }
              ],
              "value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in PlexTrac allows arbitrary file writes.This issue affects PlexTrac: from 1.61.3 before 2.8.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-13T05:49:41.623Z",
            "orgId": "5fea7123-217b-4b2d-ada8-8892719b43cd",
            "shortName": "PlexTrac"
          },
          "references": [
            {
              "url": "https://docs.plextrac.com/plextrac-documentation/master/security-advisories#release-2.11.0"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Arbitrary File Write via PTRAC Import",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5fea7123-217b-4b2d-ada8-8892719b43cd",
        "assignerShortName": "PlexTrac",
        "cveId": "CVE-2024-11834",
        "datePublished": "2024-12-13T05:49:41.623Z",
        "dateReserved": "2024-11-26T19:24:55.668Z",
        "dateUpdated": "2024-12-16T17:12:47.266Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-11833 (GCVE-0-2024-11833)

    Vulnerability from cvelistv5 – Published: 2024-12-13 05:49 – Updated: 2024-12-16 18:16
    VLAI
    Title
    Arbitrary Directory Write via Runbooks Artifact Upload
    Summary
    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrary file writes.This issue affects PlexTrac: from 1.61.3 before 2.8.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    PlexTrac PlexTrac Affected: 1.61.3 , < 2.8.1 (semver)
    Create a notification for this product.
    Date Public
    2024-12-12 23:30
    Credits
    Selim Decamps
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11833",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-16T18:15:46.101724Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-16T18:16:33.548Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlexTrac"
              ],
              "product": "PlexTrac",
              "vendor": "PlexTrac",
              "versions": [
                {
                  "lessThan": "2.8.1",
                  "status": "affected",
                  "version": "1.61.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Selim Decamps"
            }
          ],
          "datePublic": "2024-12-12T23:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in PlexTrac allows arbitrary file writes.\u003cp\u003eThis issue affects PlexTrac: from 1.61.3 before 2.8.1.\u003c/p\u003e"
                }
              ],
              "value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in PlexTrac allows arbitrary file writes.This issue affects PlexTrac: from 1.61.3 before 2.8.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-13T05:49:23.911Z",
            "orgId": "5fea7123-217b-4b2d-ada8-8892719b43cd",
            "shortName": "PlexTrac"
          },
          "references": [
            {
              "url": "https://docs.plextrac.com/plextrac-documentation/master/security-advisories#release-2.11.0"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Arbitrary Directory Write via Runbooks Artifact Upload",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5fea7123-217b-4b2d-ada8-8892719b43cd",
        "assignerShortName": "PlexTrac",
        "cveId": "CVE-2024-11833",
        "datePublished": "2024-12-13T05:49:23.911Z",
        "dateReserved": "2024-11-26T19:24:52.840Z",
        "dateUpdated": "2024-12-16T18:16:33.548Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }