Skip to content

Absolute path traversal vulnerability in digdag server

Moderate severity GitHub Reviewed Published Feb 14, 2024 in treasure-data/digdag • Updated Feb 14, 2024

Package

maven io.digdag:digdag-server (Maven)

Affected versions

< 0.10.5.1

Patched versions

0.10.5.1

Description

Summary

Treasure Data's digdag workload automation system is susceptible to a path traversal vulnerability if it's configured to store log files locally.

Impact

This issue may lead to Information Disclosure.

References

@aamine aamine published to treasure-data/digdag Feb 14, 2024
Published to the GitHub Advisory Database Feb 14, 2024
Reviewed Feb 14, 2024
Last updated Feb 14, 2024

Severity

Moderate

Weaknesses

CVE ID

CVE-2024-25125

GHSA ID

GHSA-5mp4-32rr-v3x5

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.