ZDI-24-101: Allegra unzipFile Directory Traversal Remote Code Execution Vulnerability
First published: Fri Feb 09 2024(Updated: )
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the unzipFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Allegro |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-24-101?
The severity of ZDI-24-101 is critical due to its potential for remote code execution.
How do I fix ZDI-24-101?
To fix ZDI-24-101, update your Allegra installation to the latest version as provided by the vendor.
What systems are affected by ZDI-24-101?
ZDI-24-101 affects certain versions of Allegra software that utilize the unzipFile method.
Can ZDI-24-101 be exploited without authentication?
ZDI-24-101 requires authentication, but the vulnerability allows the authentication mechanism to be bypassed.
What types of attacks can exploit ZDI-24-101?
ZDI-24-101 may be exploited to execute arbitrary code on the affected Allegra installations.
- collector/zdi-published
- source/ZDI
- alias/ZDI-CAN-22513
- agent/last-modified-date
- agent/title
- agent/type
- agent/first-publish-date
- agent/severity
- agent/references
- agent/description
- agent/softwarecombine
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/zdi-advisory
- alias/ZDI-24-101
- alias/CVE-2023-51645
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/allegra
- canonical/allegro