HTTP: Treasure Data Digdag getFile Directory Traversal
This signature detects attempts to exploit a known vulnerability against Treasure Data Digdag. A successful attack can lead to directory traversal and arbitrary code execution.
Extended Description
Digdag is an open source tool that to build, run, schedule, and monitor complex pipelines of tasks across various platforms. Treasure Data's digdag workload automation system is susceptible to a path traversal vulnerability if it's configured to store log files locally. This issue may lead to information disclosure and has been addressed in release version 0.10.5.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Affected Products
Treasuredata digdag
Short Name
HTTP:DIR:TRSURE-DATA-GET-FILE
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2024-25125 Data Digdag Directory Traversal Treasure getFile
Release Date
05/02/2024
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3751
False Positive
Unknown
Vendors
Treasuredata