CVE-2024-55653

PwnDoc is a penetration test report generator. In versions up to and including 0.5.3, an authenticated user is able to crash the backend by raising a `UnhandledPromiseRejection` on audits which exits the backend. The user doesn't need to know the audit id, since a bad audit id will also raise the rejection. With the backend being unresponsive, the whole application becomes unusable for all users of the application. As of time of publication, no known patches are available.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/pwndoc/pwndoc/security/advisories/GHSA-ggqg-3f7v-c8rc	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:pwndoc_project:pwndoc:*:*:*:*:*:*:*:*

History

18 Apr 2025, 17:35

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:pwndoc_project:pwndoc::::::::
First Time		Pwndoc Project pwndoc Pwndoc Project
Summary		(es) PwnDoc es un generador de informes de pruebas de penetración. En versiones hasta la 0.5.3 inclusive, un usuario autenticado puede hacer que el backend se bloquee al generar un `UnhandledPromiseRejection` en las auditorías, lo que hace que salga del backend. El usuario no necesita saber el ID de auditoría, ya que un ID de auditoría incorrecto también generará el rechazo. Si el backend no responde, toda la aplicación se vuelve inutilizable para todos los usuarios de la aplicación. Al momento de la publicación, no hay parches conocidos disponibles.
References	~~() https://github.com/pwndoc/pwndoc/security/advisories/GHSA-ggqg-3f7v-c8rc -~~	() https://github.com/pwndoc/pwndoc/security/advisories/GHSA-ggqg-3f7v-c8rc - Exploit, Vendor Advisory

10 Dec 2024, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-10 23:15

Updated : 2025-04-18 17:35

NVD link : CVE-2024-55653

Mitre link : CVE-2024-55653

CVE.ORG link : CVE-2024-55653

JSON object : View

Products Affected

pwndoc_project

pwndoc

CWE

CWE-20

Improper Input Validation

NVD-CWE-noinfo

{"id": "CVE-2024-55653", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-12-10T23:15:06.410", "references": [{"url": "https://github.com/pwndoc/pwndoc/security/advisories/GHSA-ggqg-3f7v-c8rc", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "PwnDoc is a penetration test report generator. In versions up to and including 0.5.3, an authenticated user is able to crash the backend by raising a `UnhandledPromiseRejection` on audits which exits the backend. The user doesn't need to know the audit id, since a bad audit id will also raise the rejection. With the backend being unresponsive, the whole application becomes unusable for all users of the application. As of time of publication, no known patches are available."}, {"lang": "es", "value": "PwnDoc es un generador de informes de pruebas de penetraci\u00f3n. En versiones hasta la 0.5.3 inclusive, un usuario autenticado puede hacer que el backend se bloquee al generar un `UnhandledPromiseRejection` en las auditor\u00edas, lo que hace que salga del backend. El usuario no necesita saber el ID de auditor\u00eda, ya que un ID de auditor\u00eda incorrecto tambi\u00e9n generar\u00e1 el rechazo. Si el backend no responde, toda la aplicaci\u00f3n se vuelve inutilizable para todos los usuarios de la aplicaci\u00f3n. Al momento de la publicaci\u00f3n, no hay parches conocidos disponibles."}], "lastModified": "2025-04-18T17:35:00.030", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pwndoc_project:pwndoc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75E37346-1FF1-4E5E-81B2-3DDFF78894A4", "versionEndExcluding": "0.9.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}