CVE-2024-21644 (GCVE-0-2024-21644)
Vulnerability from cvelistv5 – Published: 2024-01-08 13:20 – Updated: 2025-06-17 20:39
VLAI?
Title
pyLoad unauthenticated flask configuration leakage
Summary
pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77.
Severity ?
7.5 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/pyload/pyload/security/advisories/GHSA-mqpq-2p68-46fv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pyload/pyload/security/advisories/GHSA-mqpq-2p68-46fv"
},
{
"name": "https://github.com/pyload/pyload/commit/bb22063a875ffeca357aaf6e2edcd09705688c40",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pyload/pyload/commit/bb22063a875ffeca357aaf6e2edcd09705688c40"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21644",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-09T19:55:57.324511Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T20:39:15.676Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pyload",
"vendor": "pyload",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.0b3.dev77"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-08T13:20:55.182Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pyload/pyload/security/advisories/GHSA-mqpq-2p68-46fv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pyload/pyload/security/advisories/GHSA-mqpq-2p68-46fv"
},
{
"name": "https://github.com/pyload/pyload/commit/bb22063a875ffeca357aaf6e2edcd09705688c40",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pyload/pyload/commit/bb22063a875ffeca357aaf6e2edcd09705688c40"
}
],
"source": {
"advisory": "GHSA-mqpq-2p68-46fv",
"discovery": "UNKNOWN"
},
"title": "pyLoad unauthenticated flask configuration leakage"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-21644",
"datePublished": "2024-01-08T13:20:55.182Z",
"dateReserved": "2023-12-29T03:00:44.958Z",
"dateUpdated": "2025-06-17T20:39:15.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/pyload/pyload/security/advisories/GHSA-mqpq-2p68-46fv\", \"name\": \"https://github.com/pyload/pyload/security/advisories/GHSA-mqpq-2p68-46fv\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/pyload/pyload/commit/bb22063a875ffeca357aaf6e2edcd09705688c40\", \"name\": \"https://github.com/pyload/pyload/commit/bb22063a875ffeca357aaf6e2edcd09705688c40\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T22:27:36.016Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-21644\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-01-09T19:55:57.324511Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-17T20:34:36.036Z\"}}], \"cna\": {\"title\": \"pyLoad unauthenticated flask configuration leakage\", \"source\": {\"advisory\": \"GHSA-mqpq-2p68-46fv\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"pyload\", \"product\": \"pyload\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.5.0b3.dev77\"}]}], \"references\": [{\"url\": \"https://github.com/pyload/pyload/security/advisories/GHSA-mqpq-2p68-46fv\", \"name\": \"https://github.com/pyload/pyload/security/advisories/GHSA-mqpq-2p68-46fv\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/pyload/pyload/commit/bb22063a875ffeca357aaf6e2edcd09705688c40\", \"name\": \"https://github.com/pyload/pyload/commit/bb22063a875ffeca357aaf6e2edcd09705688c40\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284: Improper Access Control\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-01-08T13:20:55.182Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-21644\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-17T20:39:15.676Z\", \"dateReserved\": \"2023-12-29T03:00:44.958Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-01-08T13:20:55.182Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
GSD-2024-21644
Vulnerability from gsd - Updated: 2023-12-29 06:02Details
pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-21644"
],
"details": "pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77.",
"id": "GSD-2024-21644",
"modified": "2023-12-29T06:02:04.996671Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2024-21644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pyload",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "\u003c 0.5.0b3.dev77"
}
]
}
}
]
},
"vendor_name": "pyload"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-284",
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pyload/pyload/security/advisories/GHSA-mqpq-2p68-46fv",
"refsource": "MISC",
"url": "https://github.com/pyload/pyload/security/advisories/GHSA-mqpq-2p68-46fv"
},
{
"name": "https://github.com/pyload/pyload/commit/bb22063a875ffeca357aaf6e2edcd09705688c40",
"refsource": "MISC",
"url": "https://github.com/pyload/pyload/commit/bb22063a875ffeca357aaf6e2edcd09705688c40"
}
]
},
"source": {
"advisory": "GHSA-mqpq-2p68-46fv",
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71C7D7BA-743B-4C43-B77C-E6C1A6ACFE7E",
"versionEndIncluding": "0.4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pyload:pyload:0.5.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "3040B5C9-171B-40D9-83CB-CD529DC046ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pyload:pyload:0.5.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "78FA70FC-0CFE-4E89-9274-1670E1204B61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77."
},
{
"lang": "es",
"value": "pyLoad es el administrador de descargas gratuito y de c\u00f3digo abierto escrito en Python puro. Cualquier usuario no autenticado puede navegar a una URL espec\u00edfica para exponer la configuraci\u00f3n de Flask, incluida la variable `SECRET_KEY`. Este problema se solucion\u00f3 en la versi\u00f3n 0.5.0b3.dev77."
}
],
"id": "CVE-2024-21644",
"lastModified": "2024-01-11T17:33:09.870",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2024-01-08T14:15:47.217",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/pyload/pyload/commit/bb22063a875ffeca357aaf6e2edcd09705688c40"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/pyload/pyload/security/advisories/GHSA-mqpq-2p68-46fv"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
}
}
}
GHSA-MQPQ-2P68-46FV
Vulnerability from github – Published: 2024-01-08 15:40 – Updated: 2024-01-08 15:40
VLAI?
Summary
pyload Unauthenticated Flask Configuration Leakage vulnerability
Details
Summary
Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable.
Details
Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable.
PoC
Run pyload in the default configuration by running the following command
pyload
Now browse to http://localhost:8000/render/info.html. Notice how the Flask configuration gets displayed.
I was quite amused by this finding. I think it's a very interesting coming together of things that is so unlikely to happen. Below I will detail my process a bit more.
I was looking through the code to see how the authorization mechanism is implemented when I spotted this route, which can be accessed by any unauthenticated actor - https://github.com/pyload/pyload/blob/57d81930edb59177c60830ad8ac36a91d0ec4c4e/src/pyload/webui/app/blueprints/app_blueprint.py#L33C1-L37C51
@bp.route("/render/<path:filename>", endpoint="render")
def render(filename):
mimetype = mimetypes.guess_type(filename)[0] or "text/html"
data = render_template(filename)
return flask.Response(data, mimetype=mimetype)
```
This route allows me to load in any of the predefined templates. However, these templates will be lacking any form of context, and as such it doesn't seem too useful. That is until I loaded the `info.html` template and scrolled down, revealing the Flask config. This was purely accidental, and I did not understand why it happened, until I looked at the template
- https://github.com/pyload/pyload/blob/57d81930edb59177c60830ad8ac36a91d0ec4c4e/src/pyload/webui/app/templates/info.html#L64C1-L67C10
```python
<tr>
<td>{{ _("Config folder:") }}</td>
<td>{{ config }}</td>
</tr>
In Flask, every template always gets the Flask config passed to it as the config variable. In the normal execution of this template, this value gets overwritten in the function below, but since we're calling it and bypassing this function altogether, it doesn't get overwritten. Would this variable not be named config and named configuration or Config instead, then this exploit wouldn't work. The likelihood of this occurring is so small, but it seems to have happened here.
- https://github.com/pyload/pyload/blob/57d81930edb59177c60830ad8ac36a91d0ec4c4e/src/pyload/webui/app/blueprints/app_blueprint.py#L450C1-L461C51
python context = { "python": sys.version, "os": " ".join((os.name, sys.platform) + extra), "version": api.get_server_version(), "folder": PKGDIR, "config": api.get_userdir(), "download": conf["general"]["storage_folder"]["value"], "freespace": format.size(api.free_space()), "webif": conf["webui"]["port"]["value"], "language": conf["general"]["language"]["value"], } return render_template("info.html", **context)
Impact
Depending on the how the Flask config data is used, it could have detrimental consequences for the security. It's crucial to keep the SECRET_KEY secret and never expose it in your code or configuration files.
Severity ?
7.5 (High)
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pyload-ng"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.0b3.dev77"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-21644"
],
"database_specific": {
"cwe_ids": [
"CWE-284"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-08T15:40:39Z",
"nvd_published_at": "2024-01-08T14:15:47Z",
"severity": "HIGH"
},
"details": "### Summary\nAny unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable.\n\n### Details\nAny unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable.\n\n### PoC\nRun `pyload` in the default configuration by running the following command\n```\npyload\n```\n\nNow browse to `http://localhost:8000/render/info.html`. Notice how the Flask configuration gets displayed.\n\n\nI was quite amused by this finding. I think it\u0027s a very interesting coming together of things that is so unlikely to happen. Below I will detail my process a bit more.\n\nI was looking through the code to see how the authorization mechanism is implemented when I spotted this route, which can be accessed by any unauthenticated actor\n- https://github.com/pyload/pyload/blob/57d81930edb59177c60830ad8ac36a91d0ec4c4e/src/pyload/webui/app/blueprints/app_blueprint.py#L33C1-L37C51\n```python\n@bp.route(\"/render/\u003cpath:filename\u003e\", endpoint=\"render\")\ndef render(filename):\n mimetype = mimetypes.guess_type(filename)[0] or \"text/html\"\n data = render_template(filename)\n return flask.Response(data, mimetype=mimetype)\n ```\n\nThis route allows me to load in any of the predefined templates. However, these templates will be lacking any form of context, and as such it doesn\u0027t seem too useful. That is until I loaded the `info.html` template and scrolled down, revealing the Flask config. This was purely accidental, and I did not understand why it happened, until I looked at the template\n\n- https://github.com/pyload/pyload/blob/57d81930edb59177c60830ad8ac36a91d0ec4c4e/src/pyload/webui/app/templates/info.html#L64C1-L67C10\n```python\n \u003ctr\u003e\n \u003ctd\u003e{{ _(\"Config folder:\") }}\u003c/td\u003e\n \u003ctd\u003e{{ config }}\u003c/td\u003e\n \u003c/tr\u003e\n```\n\nIn Flask, every template always gets the Flask config passed to it as the `config` variable. In the normal execution of this template, this value gets overwritten in the function below, but since we\u0027re calling it and bypassing this function altogether, it doesn\u0027t get overwritten. Would this variable not be named config and named `configuration` or `Config` instead, then this exploit wouldn\u0027t work. The likelihood of this occurring is so small, but it seems to have happened here.\n\n- https://github.com/pyload/pyload/blob/57d81930edb59177c60830ad8ac36a91d0ec4c4e/src/pyload/webui/app/blueprints/app_blueprint.py#L450C1-L461C51\n```python\n context = {\n \"python\": sys.version,\n \"os\": \" \".join((os.name, sys.platform) + extra),\n \"version\": api.get_server_version(),\n \"folder\": PKGDIR,\n \"config\": api.get_userdir(),\n \"download\": conf[\"general\"][\"storage_folder\"][\"value\"],\n \"freespace\": format.size(api.free_space()),\n \"webif\": conf[\"webui\"][\"port\"][\"value\"],\n \"language\": conf[\"general\"][\"language\"][\"value\"],\n }\n return render_template(\"info.html\", **context)\n ```\n\n### Impact\nDepending on the how the Flask config data is used, it could have detrimental consequences for the security. It\u0027s crucial to keep the `SECRET_KEY` secret and never expose it in your code or configuration files.\n",
"id": "GHSA-mqpq-2p68-46fv",
"modified": "2024-01-08T15:40:39Z",
"published": "2024-01-08T15:40:39Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/pyload/pyload/security/advisories/GHSA-mqpq-2p68-46fv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21644"
},
{
"type": "WEB",
"url": "https://github.com/pyload/pyload/commit/bb22063a875ffeca357aaf6e2edcd09705688c40"
},
{
"type": "PACKAGE",
"url": "https://github.com/pyload/pyload"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "pyload Unauthenticated Flask Configuration Leakage vulnerability"
}
FKIE_CVE-2024-21644
Vulnerability from fkie_nvd - Published: 2024-01-08 14:15 - Updated: 2024-11-21 08:54
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71C7D7BA-743B-4C43-B77C-E6C1A6ACFE7E",
"versionEndIncluding": "0.4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pyload:pyload:0.5.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "3040B5C9-171B-40D9-83CB-CD529DC046ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pyload:pyload:0.5.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "78FA70FC-0CFE-4E89-9274-1670E1204B61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77."
},
{
"lang": "es",
"value": "pyLoad es el administrador de descargas gratuito y de c\u00f3digo abierto escrito en Python puro. Cualquier usuario no autenticado puede navegar a una URL espec\u00edfica para exponer la configuraci\u00f3n de Flask, incluida la variable `SECRET_KEY`. Este problema se solucion\u00f3 en la versi\u00f3n 0.5.0b3.dev77."
}
],
"id": "CVE-2024-21644",
"lastModified": "2024-11-21T08:54:47.407",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-08T14:15:47.217",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/pyload/pyload/commit/bb22063a875ffeca357aaf6e2edcd09705688c40"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/pyload/pyload/security/advisories/GHSA-mqpq-2p68-46fv"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/pyload/pyload/commit/bb22063a875ffeca357aaf6e2edcd09705688c40"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/pyload/pyload/security/advisories/GHSA-mqpq-2p68-46fv"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…