SRC-2024-0001 : Trackplus Allegra Service Desk Module UploadHelper upload Directory Traversal Remote Code Execution Vulnerability
CVE ID: CVE-2023-50164
CVSS Score: 9.8, (/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Vendors: Trackplus
Affected Products: Allegra <= 7.5.0
Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trackplus Allegra. Even though authentication is required, guest account registration is enabled by default.
The specific flaw exists within the Struts core dependency. An attacker can leverage this vulnerability to trigger a directory traversal, which can result in the execution of arbitrary code in the context of the application.
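The flaw described above is a classic upload-path traversal. As an added example (not code from this advisory, from Trackplus, or from Struts), the following Python shows the defender-side check an upload helper should apply to the client-supplied filename before writing to disk; the function names and the upload root are assumptions.

```python
from pathlib import Path, PurePosixPath, PureWindowsPath
from typing import Optional


def has_traversal(client_filename: str) -> bool:
    """True if a client-supplied upload filename is anything other than a
    plain basename: it contains a separator, a drive, a parent reference,
    or a NUL byte. Reject (and log) such names instead of normalizing them."""
    if "\x00" in client_filename:
        return True
    # Strip directories using both separator conventions; the client
    # controls the raw filename in the multipart header, so assume nothing.
    posix_name = PurePosixPath(client_filename).name
    win_name = PureWindowsPath(posix_name).name
    if win_name != client_filename:
        return True  # contained "/", "\\" or a drive prefix
    return client_filename in ("", ".", "..")


def safe_upload_path(upload_root: str, client_filename: str) -> Optional[Path]:
    """Return the destination path inside upload_root, or None if the name
    must be rejected. upload_root is an assumed, constructed value."""
    if has_traversal(client_filename):
        return None
    root = Path(upload_root).resolve()
    dest = (root / client_filename).resolve()
    try:
        # Defence in depth: confirm the resolved path is still under root.
        dest.relative_to(root)
    except ValueError:
        return None
    return dest


if __name__ == "__main__":
    # Constructed sample names: one benign, one traversal attempt.
    for name in ("report.pdf", "../../escaped.txt"):
        print(name, "->", safe_upload_path("/tmp/uploads", name))
```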
Vendor Response:
Trackplus has issued an update to correct this vulnerability. More details can be found at: https://www.trackplus.com/en/service/release-notes-reader/7-5-1-release-notes-2.html
Disclosure Timeline:
- 2023-11-08 – Vulnerability reported to [email protected]
- 2023-12-21 – Silently patched by the vendor
- 2024-01-15 – Release of advisory
Proof of Concept: /pocs/src-2024-0001.py.txt
Credit: This vulnerability was discovered by Steven Seeley of Source Incite