CVE-2024-51998 Information
Description
changedetection.io is a free open source web page change detection tool. The validation for the file URI scheme falls short and results in an attacker being able to read any file on the system. This issue only affects instances with a webdriver enabled and ALLOW_FILE_URI false or not defined. The check used for URL protocol is_safe_url allows file: as a URL scheme. It later checks if local files are permitted but one of the preconditions for the check is that the URL starts with file://. The issue comes with the fact that the file URI scheme is not required to have double slashes. This issue has been addressed in version 0.47.06 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Reference
https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-6jrf-rcjf-245r
https://github.com/dgtlmoon/changedetection.io/commit/49bc982c697169c98b79698889fb9d26f6b3317f
https://github.com/dgtlmoon/changedetection.io/blob/e0abf0b50507a8a3d0c1d8522ab23519b3e4cdf4/changedetectionio/model/Watch.py#L11-L13
changedetection.io
is
a
free
open
source
web
page
change
detection
tool.
The
validation
for
the
file
URI
scheme
falls
short
and
results
in
an
attacker
being
able
to
read
any
file
on
the
system.
This
issue
only
affects
instances
with
a
webdriver
enabled
and
ALLOW_FILE_URI
false
or
not
defined.
The
check
used
for
URL
protocol
is_safe_url
allows
file:
as
a
URL
scheme.
It
later
checks
if
local
files
are
permitted
but
one
of
the
preconditions
for
the
check
is
that
the
URL
starts
with
file://.
The
issue
comes
with
the
fact
that
the
file
URI
scheme
is
not
required
to
have
double
slashes.
This
issue
has
been
addressed
in
version
0.47.06
and
all
users
are
advised
to
upgrade.
There
are
no
known
workarounds
for
this
vulnerability.