CVE-2024-27630

7.5 HIGH

📋 TL;DR

This CVE describes an Insecure Direct Object Reference (IDOR) in GNU Savane's tracker attachment handling. Crafted input to the trackers_data_delete_file function lets a remote attacker delete arbitrary files: as with any IDOR, the supplied file identifier is acted on without an authorization check tying it to an object the caller is actually allowed to modify. GNU Savane version 3.12 and earlier are affected.
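The authorization gap that an IDOR of this kind opens, modelled in Python as an added example for this page (it is not GNU Savane's code; the table layout, the function names, the editor permission model and the sample rows are all assumptions). The vulnerable variant checks that the caller may edit the project and item it names, then trusts the file id as-is; the fixed variant refuses unless the file really belongs to that item and project.

```python
"""Model of the authorization gap behind a tracker file-delete IDOR.

Added example for this advisory, not GNU Savane's code: the table layout,
function names and the editor permission model are assumptions. Sample data
is constructed inline so the script runs offline.
"""
from dataclasses import dataclass, field


@dataclass
class Attachment:
    file_id: int
    group_id: int  # project the attachment belongs to
    item_id: int   # tracker item it is attached to
    filename: str


@dataclass
class TrackerStore:
    # Constructed data: two projects, one attachment on an item in each.
    files: dict = field(default_factory=lambda: {
        101: Attachment(101, group_id=1, item_id=500, filename="build.log"),
        202: Attachment(202, group_id=2, item_id=900, filename="internal.patch"),
    })
    # Assumed permission model: which projects a user may edit items in.
    editors: dict = field(default_factory=lambda: {"alice": {1}, "bob": {2}})

    def _check_editor(self, user, group_id):
        if group_id not in self.editors.get(user, set()):
            raise PermissionError(f"{user} may not edit project {group_id}")

    def delete_file_vulnerable(self, user, group_id, item_id, file_id):
        """The bug class: the caller is authorised for the project and item it
        names, but file_id is then trusted as-is and never tied to them."""
        self._check_editor(user, group_id)
        return self.files.pop(file_id, None) is not None

    def delete_file_fixed(self, user, group_id, item_id, file_id):
        """Bind the object reference to the context the caller is allowed to
        touch: refuse unless the row really belongs to that item and project."""
        self._check_editor(user, group_id)
        att = self.files.get(file_id)
        if att is None or att.group_id != group_id or att.item_id != item_id:
            return False
        del self.files[file_id]
        return True


def demo():
    """Replay the cross-project deletion against both variants."""
    vulnerable = TrackerStore()
    # alice edits her own item 500 in project 1 but names bob's file 202.
    crossed = vulnerable.delete_file_vulnerable("alice", 1, 500, 202)

    fixed = TrackerStore()
    refused = fixed.delete_file_fixed("alice", 1, 500, 202)
    legit = fixed.delete_file_fixed("alice", 1, 500, 101)
    return {
        "vulnerable_deleted_foreign_file": crossed,
        "fixed_refused_foreign_file": not refused,
        "fixed_allowed_own_file": legit,
        "foreign_file_survives_fixed": 202 in fixed.files,
    }


if __name__ == "__main__":
    print(demo())
```

The point of the fixed variant is that the check is on the relationship between the identifier and the authorised context, not only on the caller's role: a project editor is still the wrong person to delete a file attached to an item in someone else's project.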

💻 Affected Systems

Products:
  • GNU Savane
Versions: v3.12 and earlier
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations with the vulnerable function accessible.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Deletion of any file the web-server process is able to remove, including tracker attachments, application code and configuration, causing a service outage and unrecoverable data loss. Privilege escalation does not follow directly from this flaw: the process cannot delete files outside what its own user may write to.

🟠

Likely Case

Unauthorized deletion of application files, configuration files, or user data causing service disruption and data loss.

🟢

If Mitigated

Limited impact with proper file permissions and access controls preventing deletion of critical system files.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to the vulnerable function but is straightforward once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v3.13 or later

Vendor Advisory: https://savannah.gnu.org/

Restart Required: Yes

Instructions:

1. Back up your Savane installation and database.
2. Download the latest version from the official repository.
3. Replace the vulnerable files with the patched versions.
4. Restart the Savane service.

🔧 Temporary Workarounds

Restrict file deletion permissions

linux

Deletion is governed by write permission on the containing directory, not by the mode of the file itself, so the directories that must stay intact are what the web-server user needs to lose write access to. Keep directories executable (traversable) or the application cannot read anything under them; a blanket chmod 644 on directories would break that.

find /path/to/savane/files -type d -exec chmod 755 {} +
find /path/to/savane/files -type f -exec chmod 644 {} +
chown -R root:root /path/to/savane/files

Caveat: once the attachment directory is no longer writable by the web-server user, legitimate uploads and deletions fail as well. Use this only where losing uploads until the patch lands is acceptable.

Disable vulnerable function

all

Temporarily disable file deletion in the tracker code paths that call trackers_data_delete_file, or gate each call behind an explicit check that the file belongs to the item and project being edited.

# In the tracker PHP sources, find the callers of trackers_data_delete_file and comment them out (or add the ownership check); record what you changed so the upgrade can be applied cleanly later.

🧯 If You Can't Patch

  • Implement strict access controls and authentication for all file deletion operations.
  • Deploy web application firewall (WAF) rules to rate-limit file deletion requests per client. A WAF cannot tell a legitimate deletion from an IDOR one, since the request shape is identical; it can only slow down enumeration of file ids.

🔍 How to Verify

Check if Vulnerable:

Check your Savane version and compare against vulnerable versions (3.12 and earlier).

Check Version:

grep 'version' /path/to/savane/include/version.php

Verify Fix Applied:

Verify that Savane v3.13 or later is installed, then test file deletion: a deletion request naming a file id that belongs to a different item must be refused, while deleting a file attached to the item being edited still works.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file deletion events in application logs
  • Multiple failed deletion attempts
  • Tracker item modifications that delete attachments, especially where the deleted file id did not belong to the item being edited (trackers_data_delete_file is a PHP function, not a URL; the requests to look for are the tracker form submissions that invoke it)

Network Indicators:

  • HTTP POST requests to file deletion endpoints with crafted parameters
  • Unusual traffic patterns to Savane file management functions

SIEM Query:

source="savane_logs" AND event="file_deletion"

The field names are placeholders for whatever your log source provides. There is no /trackers_data_delete_file URI to match on, so key any URI-based query on the tracker item-edit endpoints your deployment actually exposes.
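Detection logic for the network indicators above, as an added example that is not part of the advisory or of GNU Savane. It assumes the trackers live under /bugs/, /task/, /support/ and /patch/ and that a modification is a POST whose query string carries item_id; Savane's real form parameters are not reproduced, and the log lines are constructed. A web-server access log does not record which file id a POST body deleted, so what it can show is the shape of abuse: one client modifying many distinct tracker items in a short window, which is what enumerating foreign file ids looks like. An application-level deletion log carrying the file's real item id would be the better source where available.

```python
"""Find enumeration-shaped tracker edits in web-server access logs.

Added example for this advisory, not part of GNU Savane. It assumes the
trackers live under /bugs/, /task/, /support/ and /patch/ and that a
modification is a POST whose query string carries item_id; Savane's real form
parameters are not reproduced. The log lines are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
TRACKER_PATHS = ("/bugs/", "/task/", "/support/", "/patch/")

# Constructed sample: alice edits one item; mallory hits five items in 7 s.
SAMPLE_LOG = """\
198.51.100.7 - alice [10/Mar/2024:10:00:01 +0000] "POST /bugs/?item_id=500 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - alice [10/Mar/2024:10:00:03 +0000] "GET /bugs/?item_id=500 HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
203.0.113.9 - mallory [10/Mar/2024:10:05:00 +0000] "POST /bugs/?item_id=900 HTTP/1.1" 302 0 "-" "python-requests/2.31"
203.0.113.9 - mallory [10/Mar/2024:10:05:02 +0000] "POST /bugs/?item_id=901 HTTP/1.1" 302 0 "-" "python-requests/2.31"
203.0.113.9 - mallory [10/Mar/2024:10:05:04 +0000] "POST /task/?item_id=42 HTTP/1.1" 302 0 "-" "python-requests/2.31"
203.0.113.9 - mallory [10/Mar/2024:10:05:05 +0000] "POST /patch/?item_id=77 HTTP/1.1" 302 0 "-" "python-requests/2.31"
203.0.113.9 - mallory [10/Mar/2024:10:05:07 +0000] "POST /support/?item_id=13 HTTP/1.1" 302 0 "-" "python-requests/2.31"
"""


def parse_line(line):
    """Return (timestamp, ip, user, path, item_id) for a tracker POST, else None."""
    m = LOG_RE.match(line)
    if not m or m.group("method") != "POST":
        return None
    parts = urlsplit(m.group("target"))
    if not parts.path.startswith(TRACKER_PATHS):
        return None
    item = parse_qs(parts.query).get("item_id")
    if not item or not item[0].isdigit():
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return ts, m.group("ip"), m.group("user"), parts.path, int(item[0])


def flag_bursts(lines, min_items=4, window=timedelta(seconds=60)):
    """Clients that modify at least min_items distinct items inside one window.

    A legitimate editor touches a handful of items; enumerating file ids across
    many foreign items shows up as a burst of edits from a single client.
    """
    events = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ts, ip, user, _path, item_id = parsed
            events[(ip, user)].append((ts, item_id))
    flagged = {}
    for client, hits in events.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            # hits is sorted, so every later entry is at or after start.
            items = {iid for ts, iid in hits[i:] if ts - start <= window}
            if len(items) >= min_items:
                flagged.setdefault(client, set()).update(items)
    return flagged


if __name__ == "__main__":
    for client, items in flag_bursts(SAMPLE_LOG.splitlines()).items():
        print(client, sorted(items))
```

Tune min_items and window to your own traffic before alerting on this; a triager closing a batch of duplicates will also edit several items in a minute, so the threshold is a starting point for review, not proof of exploitation.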

🔗 References