CVE-2024-55658 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-55658 PUBLISHED CVSS 8.699999809265137 HIGH

SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's /api/export/exportResources endpoint is vulnerable to arbitary file read via path traversal. It is possible to manipulate the paths parameter to access and download arbitrary files from the host system by traversing the workspace directory structure. Version 3.1.16 contains a patch for the issue.

EPSS 0.65% · 70.6th percentile

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS Score

0.65%

70.6th percentile

Affected Products

Vendor	Product	Versions
b3log	siyuan	3.1.15, 3.1.15
siyuan-note	siyuan	< 3.1.16, < 3.1.16
github.com	siyuan-note/siyuan/kernel	0, 0

Timeline

Jan 21, 1970 Security Advisory
Dec 11, 2024 CVE Published
Dec 11, 2024 PoC Published
Dec 12, 2024 EPSS Score
Dec 12, 2024 PoC Published
Dec 28, 2024 EPSS Score
Jan 13, 2025 EPSS Score
Jan 29, 2025 EPSS Score
Feb 15, 2025 EPSS Score
Mar 3, 2025 EPSS Score
Mar 19, 2025 EPSS Score
Apr 4, 2025 EPSS Score

References

Open in Interactive Console →