SRC-2024-0001 : Trackplus Allegra Service Desk Module UploadHelper upload Directory Traversal Remote Code Execution Vulnerability

CVE ID: CVE-2023-50164

CVSS Score: 9.8, (/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Vendors: Trackplus

Affected Products: Allegra <= 7.5.0

Vulnerability Details:

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trackplus Allegra. Even though authentication is required, guest account registration is enabled by default.

The specific flaw exists within the Struts core dependency. An attacker can leverage this vulnerability to trigger a directory traversal, which can result in the execution of arbitrary code in the context of the application.
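The advisory describes the flaw only by its class: a directory traversal through an upload filename, reached via the application's Struts dependency. The following Python code is an added example, not code from Trackplus, Allegra, Struts or the advisory's proof of concept; it illustrates the defence-in-depth check an application should apply to every client-supplied upload filename so that a traversal in a framework layer still cannot place a file outside the upload root. The upload root, the extension allow-list and the sample filenames are constructed assumptions for the example.

```python
import re
from pathlib import Path, PurePosixPath, PureWindowsPath

# Hypothetical upload root and extension policy for this example
# (not values taken from the advisory or the product).
UPLOAD_ROOT = Path("/var/app/uploads")
ALLOWED_EXTENSIONS = {".png", ".jpg", ".pdf", ".txt"}

# One path component: starts with an alphanumeric, then a small allow-list
# of characters, at most 255 characters in total. Leading dots (".htaccess")
# and separators are rejected by construction.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,254}$")


class UnsafeFilename(ValueError):
    """Raised when a client-supplied filename cannot be stored safely."""


def sanitize_filename(client_name: str) -> str:
    """Reduce an untrusted filename to a single safe path component.

    The client value may carry '/', '\\', '..', an absolute path or NUL
    bytes. Only the last component is kept (stripping both POSIX and
    Windows separators, since the server cannot know which the client
    used), and that component must then match the character allow-list.
    """
    if "\x00" in client_name:
        raise UnsafeFilename("NUL byte in filename")
    name = PureWindowsPath(PurePosixPath(client_name).name).name
    if name in ("", ".", "..") or not _SAFE_NAME.match(name):
        raise UnsafeFilename(f"rejected filename: {client_name!r}")
    return name


def resolve_upload_path(client_name: str, root: Path = UPLOAD_ROOT) -> Path:
    """Return the absolute destination path, guaranteed to lie under root.

    Three independent checks are applied: the filename is sanitized, the
    extension is checked against the allow-list, and the fully resolved
    path is re-verified against the resolved root, so that a regression in
    sanitize_filename (or a traversal introduced by a framework layer that
    hands us an already-joined path) cannot silently escape the root.
    """
    name = sanitize_filename(client_name)
    if Path(name).suffix.lower() not in ALLOWED_EXTENSIONS:
        raise UnsafeFilename(f"extension not allowed: {name!r}")
    resolved_root = root.resolve()
    dest = (resolved_root / name).resolve()
    try:
        dest.relative_to(resolved_root)
    except ValueError:
        raise UnsafeFilename("resolved path escaped the upload root") from None
    return dest


def is_safe_upload(client_name: str, root: Path = UPLOAD_ROOT) -> bool:
    """Convenience predicate for request handlers and tests."""
    try:
        resolve_upload_path(client_name, root)
    except UnsafeFilename:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample filenames covering the cases a handler must reject.
    samples = [
        "report.pdf",
        "../../../etc/passwd",
        "..\\..\\webapps\\ROOT\\page.jsp",
        "/absolute/path/notes.txt",
        "photo.PNG",
        "..",
        "evil\x00.png",
    ]
    for sample in samples:
        try:
            print(f"{sample!r:40} -> {resolve_upload_path(sample)}")
        except UnsafeFilename as exc:
            print(f"{sample!r:40} -> REJECTED ({exc})")
```

The final `relative_to` check is the one that matters when the filename reaches the application through a dependency the application does not control: it verifies the outcome (the resolved destination) rather than trusting that every upstream layer normalised the input correctly.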

Vendor Response:

Trackplus has issued an update to correct this vulnerability. More details can be found at: https://www.trackplus.com/en/service/release-notes-reader/7-5-1-release-notes-2.html

Disclosure Timeline:

  • 2023-11-08 – Vulnerability reported to [email protected]

  • 2023-12-21 – Silently patched by the vendor

  • 2024-01-15 – Release of advisory

Proof of Concept: /pocs/src-2024-0001.py.txt

Credit: This vulnerability was discovered by Steven Seeley of Source Incite