Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-50334

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-29 Oct, 2024 | 14:36
Updated At-29 Oct, 2024 | 14:53
Rejected At-
Credits

Semicolon Path Injection on API /api;/config

Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass authentication and gain unauthorised access to sensitive configuration data. Furthermore, PUT requests on the /api;/config endpoint while setting the Content-Type: application/hocon header allow unauthenticated attackers to file reading via HOCON file inclusion. This allows attackers to retrieve sensitive information such as configuration files from the server, which can be leveraged for further exploitation. The vulnerability has been fixed in Scoold 1.64.0. A workaround would be to disable the Scoold API with scoold.api_enabled = false.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:29 Oct, 2024 | 14:36
Updated At:29 Oct, 2024 | 14:53
Rejected At:
▼CVE Numbering Authority (CNA)
Semicolon Path Injection on API /api;/config

Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass authentication and gain unauthorised access to sensitive configuration data. Furthermore, PUT requests on the /api;/config endpoint while setting the Content-Type: application/hocon header allow unauthenticated attackers to file reading via HOCON file inclusion. This allows attackers to retrieve sensitive information such as configuration files from the server, which can be leveraged for further exploitation. The vulnerability has been fixed in Scoold 1.64.0. A workaround would be to disable the Scoold API with scoold.api_enabled = false.

Affected Products
Vendor
Erudika
Product
scoold
Versions
Affected
  • < 1.64.0
Problem Types
TypeCWE IDDescription
CWECWE-288CWE-288: Authentication Bypass Using an Alternate Path or Channel
Type: CWE
CWE ID: CWE-288
Description: CWE-288: Authentication Bypass Using an Alternate Path or Channel
Metrics
VersionBase scoreBase severityVector
4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/Erudika/scoold/security/advisories/GHSA-fhwp-f6g7-rr3p
x_refsource_CONFIRM
Hyperlink: https://github.com/Erudika/scoold/security/advisories/GHSA-fhwp-f6g7-rr3p
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
erudika
Product
scoold
CPEs
  • cpe:2.3:a:erudika:scoold:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 1.64.0 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:29 Oct, 2024 | 15:15
Updated At:08 Nov, 2024 | 19:51

Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass authentication and gain unauthorised access to sensitive configuration data. Furthermore, PUT requests on the /api;/config endpoint while setting the Content-Type: application/hocon header allow unauthenticated attackers to file reading via HOCON file inclusion. This allows attackers to retrieve sensitive information such as configuration files from the server, which can be leveraged for further exploitation. The vulnerability has been fixed in Scoold 1.64.0. A workaround would be to disable the Scoold API with scoold.api_enabled = false.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CPE Matches
erudika
erudika
>>scoold>>Versions up to 1.64.0(inclusive)
cpe:2.3:a:erudika:scoold:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-288Primarysecurity-advisories@github.com
CWE ID: CWE-288
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/Erudika/scoold/security/advisories/GHSA-fhwp-f6g7-rr3psecurity-advisories@github.com
Vendor Advisory
Hyperlink: https://github.com/Erudika/scoold/security/advisories/GHSA-fhwp-f6g7-rr3p
Source: security-advisories@github.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

5Records found
CVE-2024-33939
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.56%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 15:55
Updated-08 Jul, 2025 | 13:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LMS by Masteriyo plugin <= 1.7.3 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Masteriyo Masteriyo - LMS. Unauth access to course progress.This issue affects Masteriyo - LMS: from n/a through 1.7.3.

Action-Not Available
Vendor-themegrillMasteriyo
Product-masteriyoMasteriyo - LMS
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2025-52338
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 20.56%
||
7 Day CHG+0.01%
Published-19 Aug, 2025 | 00:00
Updated-20 Aug, 2025 | 14:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the default configuration of the password reset function in LogicData eCommerce Framework v5.0.9.7000 allows attackers to bypass authentication and compromise user accounts via a bruteforce attack.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2025-4427
Matching Score-4
Assigner-Ivanti
ShareView Details
Matching Score-4
Assigner-Ivanti
CVSS Score-5.3||MEDIUM
EPSS-92.24% / 99.71%
||
7 Day CHG+5.18%
Published-13 May, 2025 | 15:45
Updated-30 Jul, 2025 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-06-09||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Authentication Bypass

An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.

Action-Not Available
Vendor-Ivanti Software
Product-endpoint_manager_mobileEndpoint Manager MobileEndpoint Manager Mobile (EPMM)
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2024-7007
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.7||HIGH
EPSS-0.08% / 23.82%
||
7 Day CHG~0.00%
Published-25 Jul, 2024 | 16:42
Updated-26 Aug, 2024 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication Bypass Using an Alternate Path or Channel in Positron Broadcast Signal Processor TRA7005

Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentication bypass exploit that could allow an attacker to have unauthorized access to protected areas of the application.

Action-Not Available
Vendor-positronPositron S.R.Lpositronsrl
Product-tra7005tra7005_firmwareBroadcast Signal Processor TRA7005broadcast_signal_processor_tra7005
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-46887
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-6.9||MEDIUM
EPSS-0.11% / 30.90%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 08:40
Updated-11 Jun, 2025 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC S7-1500 Software Controller Linux V3SIMATIC ET 200SP CPU 1514SPT-2 PNSIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PNSIMATIC S7-1500 Software Controller CPU 1508S V2SIMATIC Drive Controller CPU 1507D TFSIMATIC S7-1500 CPU 1515-2 PNSIMATIC S7-1500 CPU 1513F-1 PNSIMATIC S7-1500 CPU 1516F-3 PN/DPSIMATIC S7-1500 CPU 1511-1 PNSIPLUS S7-1500 CPU 1518-4 PN/DPSIPLUS S7-1500 CPU 1518F-4 PN/DPSIMATIC S7-1500 Software Controller CPU 1508S F V3SIMATIC S7-1500 Software Controller CPU 1507S F V2SIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIMATIC S7-1500 CPU S7-1518-4 PN/DP ODKSIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PNSIMATIC ET 200SP CPU 1514SPT F-2 PNSIMATIC S7-1500 CPU 1518T-4 PN/DPSIMATIC S7-1500 CPU 1512C-1 PNSIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1515TF-2 PNSIMATIC S7-1500 CPU 1517-3 PN/DPSIMATIC S7-1500 CPU 1517TF-3 PN/DPSIMATIC ET 200SP CPU 1514SP-2 PNSIMATIC S7-1500 CPU 1513pro F-2 PNSIMATIC S7-1500 CPU 1515F-2 PNSIMATIC S7-1500 CPU 1511F-1 PNSIMATIC ET 200SP CPU 1510SP F-1 PNSIPLUS S7-1500 CPU 1515F-2 PN RAILSIMATIC S7-1500 CPU 1517F-3 PN/DPSIMATIC S7-1500 Software Controller CPU 1508S F V2SIPLUS S7-1500 CPU 1513F-1 PNSIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODKSIPLUS S7-1500 CPU 1511-1 PNSIPLUS S7-1500 CPU 1516-3 PN/DPSIMATIC S7-1500 CPU 1517T-3 PN/DPSIPLUS S7-1500 CPU 1516-3 PN/DP TX RAILSIPLUS ET 200SP CPU 1512SP F-1 PNSIMATIC S7-1500 Software Controller CPU 1507S F V3SIMATIC S7-1500 CPU 1518-4 PN/DPSIPLUS ET 200SP CPU 1512SP-1 PNSIPLUS S7-1500 CPU 1516F-3 PN/DP RAILSIMATIC S7-1500 CPU 1518F-4 PN/DPSIPLUS S7-1500 CPU 1511F-1 PNSIMATIC S7-1500 CPU 1511C-1 PNSIPLUS ET 200SP CPU 1510SP F-1 PN RAILSIPLUS S7-1500 CPU 1516F-3 PN/DPSIPLUS S7-1500 CPU 1515F-2 PNSIPLUS ET 200SP CPU 1510SP-1 PNSIMATIC S7-1500 Software Controller CPU 1507S V2SIMATIC ET 200SP CPU 1512SP-1 PNSIMATIC ET 200SP CPU 1514SP F-2 PNSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1516TF-3 PN/DPSIPLUS ET 200SP CPU 1510SP F-1 PNSIPLUS S7-1500 CPU 1511-1 PN TX RAILSIMATIC S7-1500 CPU 1515T-2 PNSIPLUS S7-1500 CPU 1516-3 PN/DP RAILSIMATIC S7-1500 CPU 1511T-1 PNSIPLUS ET 200SP CPU 1512SP-1 PN RAILSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUsSIMATIC S7-1500 CPU 1516T-3 PN/DPSIMATIC S7-1500 Software Controller CPU 1508S V3SIMATIC ET 200SP CPU 1512SP F-1 PNSIMATIC S7-1500 CPU 1513-1 PNSIPLUS S7-1500 CPU 1511-1 PN T1 RAILSIMATIC S7-1500 Software Controller CPU 1508S TF V3SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUsSIMATIC S7-1500 CPU 1516pro F-2 PNSIPLUS S7-1500 CPU 1515F-2 PN T2 RAILSIMATIC Drive Controller CPU 1504D TFSIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PNSIMATIC ET 200SP CPU 1510SP-1 PNSIMATIC S7-1500 CPU 1516-3 PN/DPSIMATIC S7-1500 CPU 1518TF-4 PN/DPSIMATIC S7-1500 CPU 1513pro-2 PNSIMATIC S7-1500 Software Controller CPU 1507S V3SIMATIC S7-PLCSIM AdvancedSIPLUS S7-1500 CPU 1513-1 PNSIMATIC S7-1500 Software Controller Linux V2SIMATIC S7-1500 CPU 1516pro-2 PNSIPLUS ET 200SP CPU 1510SP-1 PN RAILSIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PNSIPLUS ET 200SP CPU 1512SP F-1 PN RAILSIMATIC S7-1500 CPU 1511TF-1 PNSIMATIC S7-1500 Software Controller CPU 1508S T V3
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-862
Missing Authorization
Details not found