CVE-2024-27292 — AI Deep Analysis Summary

🚨 **Essence**: Docassemble suffers from **Unauthenticated Path Traversal**. Attackers manipulate URLs to access sensitive system info. <br>💥 **Consequences**: High Confidentiality impact.…

🛡️ **Root Cause**: **CWE-706** (Improper Control of Filename for Info Disclosure).…

📦 **Affected**: **Docassemble** by **jhpyle**. <br>📅 **Versions**: **1.4.53** through **1.4.96**. <br>✅ **Safe**: Version **1.4.97** and above are patched.

🕵️ **Hackers Can**: Read arbitrary files on the server. <br>📂 **Data Access**: System information, configuration files, and potentially sensitive user data. <br>🔓 **Privileges**: No authentication required.…

⚡ **Threshold**: **LOW**. <br>🔑 **Auth**: None required (Unauthenticated). <br>🌐 **Config**: Network Accessible (AV:N). Easy to exploit via simple URL manipulation.

💣 **Public Exp?**: **YES**. <br>🛠️ **PoCs Available**: <br>1. `CVEHunter` (Async performance tool). <br>2. `Docassemble_poc.py` (Python script). <br>3. Nuclei templates for automated scanning.

🔍 **Self-Check**: <br>1. Use **Nuclei** with CVE-2024-27292 template. <br>2. Run provided PoC scripts against target URLs. <br>3. Check version number in admin panel or HTTP headers.

🩹 **Fixed?**: **YES**. <br>📌 **Patch**: Version **1.4.97** on the master branch. <br>🔗 **Commit**: `97f77dc486a26a22ba804765bfd7058aabd600c9`.

🚧 **No Patch?**: <br>1. **WAF**: Block requests containing `../` or path traversal patterns. <br>2. **Network**: Restrict access to Docassemble instances. <br>3. **Monitor**: Alert on unusual file access logs.

🔥 **Urgency**: **HIGH**. <br>⚠️ **Priority**: Patch immediately. <br>📉 **Risk**: CVSS **7.5** (High). Unauthenticated access makes it easy for automated bots to exploit.