CVE-2024-9362: Directory Traversal in polyaxon/polyaxon

7.5 CVSS

Description

An unauthenticated directory traversal vulnerability exists in Polyaxon, affecting the latest version. This vulnerability allows an attacker to retrieve directory information and file contents from the server without proper authorization, leading to sensitive information disclosure. The issue enables access to system directories such as `/etc`, potentially resulting in significant security risks.

Classification

CVE ID: CVE-2024-9362

CVSS Base Severity: HIGH

CVSS Base Score: 7.5

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem Types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected Products

Vendor: polyaxon

Product: polyaxon/polyaxon

Exploit Prediction Scoring System (EPSS)

EPSS Score: 1.41% (probability of being exploited)

EPSS Percentile: 79.42% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-18 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-9362
https://huntr.com/bounties/d8dcb40f-ce76-4524-8d06-e0f12a07809d

Timeline