CVE-2024-22851
📋 TL;DR
A directory traversal vulnerability in LiveConfig before version 2.5.2 allows remote attackers to access sensitive files outside the intended directory via crafted requests to the /static/ endpoint. This affects all LiveConfig installations running vulnerable versions, potentially exposing configuration files, credentials, or other sensitive data.
💻 Affected Systems
- LiveConfig
📦 What is this software?
Liveconfig by Liveconfig
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through exposure of sensitive configuration files containing credentials, leading to unauthorized access, data theft, or further exploitation.
Likely Case
Exposure of sensitive configuration files, potentially revealing database credentials, API keys, or other secrets that could enable lateral movement or data exfiltration.
If Mitigated
Limited information disclosure with no critical credentials exposed due to proper file permissions and security controls.
🎯 Exploit Status
Exploitation requires only HTTP requests with directory traversal sequences. Public proof-of-concept code is available in advisory references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.5.2
Vendor Advisory: https://www.liveconfig.com/de/kb/cve/cve-2024-22851/
Restart Required: Yes
Instructions:
1. Backup current configuration. 2. Download LiveConfig 2.5.2 or later from official sources. 3. Follow upgrade instructions for your platform. 4. Restart LiveConfig service.
🔧 Temporary Workarounds
Web Server Access Restriction
allConfigure web server (Apache/Nginx) to block directory traversal attempts to /static/ endpoint
# Apache: RewriteRule ^/static/.*\.\./.* - [F,L]
# Nginx: location ~ ^/static/.*\.\./.* { return 403; }
Network Access Control
linuxRestrict access to LiveConfig web interface to trusted networks only
# Firewall rule example: iptables -A INPUT -p tcp --dport 80 -s TRUSTED_NETWORK -j ACCEPT
# iptables -A INPUT -p tcp --dport 443 -s TRUSTED_NETWORK -j ACCEPT
🧯 If You Can't Patch
- Implement strict network segmentation to isolate LiveConfig instances from untrusted networks
- Deploy web application firewall (WAF) with directory traversal protection rules
🔍 How to Verify
Check if Vulnerable:
Test with curl: curl -v 'http://target/static/../../etc/passwd' - if returns sensitive file content, vulnerableCheck Version:
liveconfig --version or check web interface admin panelVerify Fix Applied:
After patching, same test should return 404 or error instead of file content📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing '..' or '../' patterns in /static/ path
- Unusual file access patterns from single IP addresses
- 404 errors for non-existent static files with traversal sequences
Network Indicators:
- HTTP GET requests with directory traversal sequences in URL
- Multiple rapid requests to /static/ endpoint from single source
SIEM Query:
source="web_logs" AND (url="*/static/*../*" OR url="*/static/*../*")🔗 References
- https://raeph123.github.io/BlogPosts/LiveConfig/LiveConfig_Advisory_CVE-2024-22851_en.html
- https://www.drive-byte.de/en/blog/liveconfig-advisory-cve-2024-22851
- https://www.liveconfig.com/de/kb/cve/cve-2024-22851/
- https://www.drive-byte.de/en/blog/liveconfig-advisory-cve-2024-22851
- https://www.liveconfig.com/de/kb/cve/cve-2024-22851/
