Home > Vulnerability Database > CVE-2024-25125

Mend.io Vulnerability Database

CVE-2024-25125

Good to know:

Date: February 13, 2024

Digdag is an open source tool that to build, run, schedule, and monitor complex pipelines of tasks across various platforms. Treasure Data's digdag workload automation system is susceptible to a path traversal vulnerability if it's configured to store log files locally. This issue may lead to information disclosure and has been addressed in release version 0.10.5.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: Java

Severity Score

5.3

Related Resources (5)

Url: https://github.com/treasure-data/digdag/commit/eae89b0daf6c62f12309d8c7194454dfb18cc5c3

Url: https://github.com/treasure-data/digdag

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-25125

Url: https://github.com/treasure-data/digdag/security/advisories/GHSA-5mp4-32rr-v3x5

Url: https://www.mend.io/vulnerability-database/CVE-2024-25125

Severity Score

5.3

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version io.digdag:digdag-core:0.10.5.1

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-25125

Good to know:

Date: February 13, 2024

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?