CVE-2024-2055— Artica Proxy Unauthenticated File Manager Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-2055
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Artica Proxy Unauthenticated File Manager Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用候选路径或通道进行的认证绕过
Source: NVD (National Vulnerability Database)
Vulnerability Title
Artica Proxy 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Artica Proxy是西班牙Artica公司的一款开源的Artica代理解决方案。 Artica Proxy 存在安全漏洞,该漏洞源于启用 Rich Filemanager功能后,默认不需要身份验证,并以 root 用户身份运行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Artica Tech | Artica Proxy | 4.50 | - |
II. Public POCs for CVE-2024-2055
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-2055
请登录查看更多情报信息。
- https://korelogic.com/Resources/Advisories/KL-001-2024-003.txtthird-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-2055
Same Patch Batch · Artica Tech · 2024-03-05 · 4 CVEs total
| CVE-2024-2053 | Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability | |
| CVE-2024-2054 | Artica Proxy Unauthenticated PHP Deserialization Vulnerability | |
| CVE-2024-2056 | Artica Proxy Loopback Services Remotely Accessible Unauthenticated |
IV. Related Vulnerabilities
Same weakness: CWE-288
- CVE-2026-41308
Password Pusher: JSON API `/p.json` file upload alias bypass - CVE-2026-7458
User Verification by PickPlugins <= 2.0.46 - Unauthenticated - CVE-2026-7567
Temporary Login <= 1.0.0 - Authentication Bypass to Account - CVE-2026-40022
Apache Camel Platform HTTP Main: Authentication Bypass on No - CVE-2026-40630
SenseLive X3050 Authentication bypass using an alternate pat
V. Comments for CVE-2024-2055
No comments yet