CVE-2024-25125

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Feb 14, 2024

CWE ID 22

Summary

CVE-2024-25125 is a newly disclosed path traversal vulnerability affecting Digdag, an open-source tool used for building, running, scheduling, and monitoring complex pipelines of tasks. The specific issue lies in Treasure Data's Digdag workload automation system, which may store log files locally. If exploited, this vulnerability may result in information disclosure, posing a significant risk. To mitigate this risk, users are advised to upgrade to the latest release version 0.10.5.1. At present, there are no known workarounds for this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uaL0EZ
https://www.cve.org/CVERecord?id=CVE-2024-25125
https://nvd.nist.gov/vuln/detail/CVE-2024-25125

Back to Vulnerability Database

CVE-2024-25125

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations