CVE-2024-34361

8.5 HIGH

📋 TL;DR

Pi-hole builds its blocklists by having the server itself download every configured adlist URL: the gravity_DownloadBlocklistFromUrl() function in gravity.sh fetches each list when gravity runs (`pihole -g`, triggered from the web interface or by cron). In versions prior to 5.18.3 the URL supplied by an authenticated web-interface user was not sufficiently restricted, so such a user could make the Pi-hole host issue requests to itself or to internal services (server-side request forgery) and, under the conditions described in the vendor advisory, potentially achieve remote command execution. Every installation below 5.18.3 is affected; the attacker needs a valid login to the web interface.

💻 Affected Systems

Products:
  • Pi-hole
Versions: All versions prior to 5.18.3
Operating Systems: Linux, Raspberry Pi OS, Other Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the Pi-hole web interface (any user who can add or edit adlists). The flaw is in the blocklist download step of the gravity update (gravity.sh), not in the DNS resolver itself.

📦 What is this software?

Pi-hole is an open-source, network-wide DNS sinkhole. Its resolver (pihole-FTL, based on dnsmasq) answers queries for domains on configured blocklists with a sinkhole address so that ads and trackers never load on client devices. The blocklists ("adlists") are plain URLs stored in /etc/pihole/gravity.db; the gravity process downloads them and compiles them into the blocking database. Administration is done through a PHP web interface served by lighttpd in the 5.x releases, and that interface is where the adlist URLs are entered.
⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote command execution on the Pi-hole host with the privileges of the process that runs gravity, which can lead to full compromise of the host. Because the host is the network's DNS resolver, that also puts every client's name resolution under attacker control.

🟠

Likely Case

Server-side request forgery: the Pi-hole host fetches attacker-chosen URLs, so internal HTTP services that trust the Pi-hole's address (or are not reachable from the attacker's position) can be probed, and their responses may be exposed through the downloaded list, allowing internal reconnaissance and possible data exfiltration.

🟢

If Mitigated

Limited impact when the web interface is reachable only from trusted addresses, the admin password is strong, and the Pi-hole host is segmented so that few internal services are reachable from it.

🌐 Internet-Facing: HIGH if the web interface is reachable from the internet; a stolen or weak admin password is then all an attacker needs.
🏢 Internal Only: MEDIUM; authenticated access is required, but a malicious insider or a compromised account with web-interface access can exploit it.

🎯 Exploit Status

Public PoC: None known
Weaponized: UNKNOWN
Unauthenticated Exploit: No; a valid web-interface session is required
Complexity: MEDIUM

The SSRF is straightforward once logged in: supply a blocklist URL that points at an internal target and let gravity fetch it. Escalating from there to command execution depends on additional conditions described in the vendor advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.18.3

Vendor Advisory: https://github.com/pi-hole/pi-hole/security/advisories/GHSA-jg6g-rrj6-xfg6

Restart Required: Yes

Instructions:

1. Backup your Pi-hole configuration
2. Run: pihole -up
3. Verify update completed successfully
4. Restart Pi-hole services: pihole restartdns

🔧 Temporary Workarounds

Disable web interface access

linux

Temporarily stop lighttpd, the web server that serves the Pi-hole admin interface in 5.x. DNS filtering keeps running; only the web interface (and its API) goes offline. Re-enable the service after patching.

sudo systemctl disable lighttpd
sudo systemctl stop lighttpd

Restrict web interface access

linux

Limit web interface access to trusted IP addresses only

Pi-hole may overwrite /etc/lighttpd/lighttpd.conf on update, so put the restriction in /etc/lighttpd/external.conf, which lighttpd.conf includes, rather than editing lighttpd.conf directly
Restart lighttpd: sudo systemctl restart lighttpd
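The following POSIX shell function is an added example, not Pi-hole's own configuration: it generates the lighttpd snippet that denies the web interface to every client outside the given CIDR ranges, in the form that belongs in /etc/lighttpd/external.conf. It assumes lighttpd has mod_access loaded (Pi-hole's shipped configuration does) and that lighttpd's `$HTTP["remoteip"]` condition accepts CIDR notation with `==`/`!=`, which it does; the CIDR ranges used are placeholders.

```shell
#!/bin/sh
# Added example, not Pi-hole project code: emit a lighttpd allowlist for the admin UI.
# Assumptions: mod_access is loaded; the output goes into /etc/lighttpd/external.conf,
# which Pi-hole's lighttpd.conf includes. The ranges below are placeholders.

# Accept only a dotted-quad IPv4 network with a /prefix, e.g. 192.168.1.0/24.
valid_cidr() {
    case "$1" in
        *[!0-9./]*|*/*/*|*/) return 1 ;;   # stray characters, two slashes, empty prefix
        */*) ;;
        *) return 1 ;;                      # no prefix at all
    esac
    ip="${1%/*}"; prefix="${1#*/}"
    case "$prefix" in *.*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    n=0
    oldifs="$IFS"; IFS=.
    for o in $ip; do
        [ -n "$o" ] && [ "$o" -le 255 ] || { IFS="$oldifs"; return 1; }
        n=$((n + 1))
    done
    IFS="$oldifs"
    [ "$n" -eq 4 ]
}

# Print nested "remoteip not in range" conditions; the innermost block denies
# every URL ("" matches all), so only clients inside one of the ranges get through.
lighttpd_allowlist_conf() {
    [ $# -gt 0 ] || { echo "need at least one allowed CIDR" >&2; return 1; }
    indent=""
    for cidr in "$@"; do
        valid_cidr "$cidr" || { echo "invalid CIDR: $cidr" >&2; return 1; }
        printf '%s$HTTP["remoteip"] != "%s" {\n' "$indent" "$cidr"
        indent="$indent    "
    done
    printf '%surl.access-deny = ( "" )\n' "$indent"
    for cidr in "$@"; do
        indent="${indent%    }"
        printf '%s}\n' "$indent"
    done
}

# Usage: write the snippet for the admin workstation range and a VPN range
# (placeholder ranges), then restart lighttpd:
#   lighttpd_allowlist_conf 192.168.1.0/24 10.8.0.0/24 | sudo tee /etc/lighttpd/external.conf
#   sudo lighttpd -tt -f /etc/lighttpd/lighttpd.conf && sudo systemctl restart lighttpd
lighttpd_allowlist_conf 192.168.1.0/24 10.8.0.0/24
```

Run `lighttpd -tt -f /etc/lighttpd/lighttpd.conf` before restarting so a typo in the snippet cannot take the interface down entirely, and keep at least one range that covers the host you administer from.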

🧯 If You Can't Patch

  • Implement strict network segmentation so that the Pi-hole host can reach as few internal services as possible (it needs outbound DNS and HTTPS to blocklist sources, little else)
  • Enforce a strong web-interface password and give access only to the people who actually manage the Pi-hole
  • Review the configured adlists (Group Management > Adlists in the web interface) and remove any URL that is not a plain http(s) blocklist or that points at an internal or loopback address

🔍 How to Verify

Check if Vulnerable:

Print the installed core version:

pihole -v | grep 'Pi-hole version'

The host is vulnerable if the core ("Pi-hole") version shown is below v5.18.3. The web and FTL versions printed alongside are not what this CVE is about; the fix is in the core (pi-hole/pi-hole) repository.

Verify Fix Applied:

Run the same command after updating and confirm the core version is v5.18.3 or later.
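For more than a handful of hosts the check is worth scripting. The POSIX shell script below is an added example, not Pi-hole project code; it assumes `pihole -v` prints a line of the form `Pi-hole version is vX.Y.Z (...)`, compares the version numerically rather than as a string (so that, for instance, 5.9 is correctly treated as older than 5.18.3), and runs here against a constructed copy of that output.

```shell
#!/bin/sh
# Added example, not Pi-hole project code: decide from `pihole -v` output
# whether the core is below the CVE-2024-34361 fix (v5.18.3).
# Assumed output format: "  Pi-hole version is v5.18.2 (Latest: v5.18.3)".

FIXED_VERSION="5.18.3"

# Print the core version number (e.g. 5.18.2) found in `pihole -v` output passed as $1.
core_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*Pi-hole version is v\([0-9][0-9.]*\).*/\1/p' |
        head -n 1
}

# Compare two dotted versions component by component; prints lt, eq or gt.
version_cmp() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; y="${b%%.*}"
        [ -z "$x" ] && x=0
        [ -z "$y" ] && y=0
        if [ "$x" -lt "$y" ]; then echo lt; return 0; fi
        if [ "$x" -gt "$y" ]; then echo gt; return 0; fi
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    echo eq
}

# Return 0 when vulnerable (core < 5.18.3), 1 when fixed, 2 when no version line was found.
is_vulnerable() {
    v="$(core_version "$1")"
    if [ -z "$v" ]; then
        echo "could not find a 'Pi-hole version is v...' line" >&2
        return 2
    fi
    [ "$(version_cmp "$v" "$FIXED_VERSION")" = lt ]
}

# Constructed sample of what an unpatched host prints; on a real host use "$(pihole -v)".
SAMPLE_OLD="  Pi-hole version is v5.18.2 (Latest: v5.18.3)
  web version is v5.21 (Latest: v5.21)
  FTL version is v5.25.1 (Latest: v5.25.1)"

is_vulnerable "$SAMPLE_OLD"
case $? in
    0) echo "core $(core_version "$SAMPLE_OLD") is vulnerable; run: pihole -up" ;;
    1) echo "core $(core_version "$SAMPLE_OLD") is at or above $FIXED_VERSION" ;;
    *) echo "could not determine version" ;;
esac
```

Over SSH this becomes `is_vulnerable "$(ssh "$host" pihole -v)"` per host; the distinct exit code for "could not parse" keeps an unreachable or oddly configured host from being silently reported as fixed.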

📡 Detection & Monitoring

Log Indicators:

  • Adlist additions or edits made through the web interface by accounts or from source addresses that do not normally manage blocklists (in Pi-hole 5.x these are POST requests to the adlist management script of the admin interface, recorded in the lighttpd access log)
  • Entries in the adlist table of /etc/pihole/gravity.db (column address) whose URL scheme is not http or https, or whose host is a loopback, link-local or RFC 1918 address
  • Failed web-interface logins followed by a successful login and an adlist change shortly before a gravity update

The function name gravity_DownloadBlocklistFromUrl is internal to gravity.sh and is not written to any log, so searching logs for it finds nothing.

Network Indicators:

  • Outbound connections from the Pi-hole host to unexpected internal services, or HTTP requests arriving at internal services with the Pi-hole host as the source
  • DNS lookups for internal hostnames originating from the Pi-hole host itself rather than from clients

SIEM Query (pseudo-syntax; adapt field names to your platform, and alert on POSTs from addresses outside the administrators' range):

source="/var/log/lighttpd/access.log" AND method="POST" AND uri="*/scripts/pi-hole/php/groups.php*"
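The second log indicator, auditing the stored adlist URLs for SSRF targets, is easy to run on the host itself. The POSIX shell script below is an added example, not Pi-hole project code. It reads `id|address` lines such as `sqlite3 /etc/pihole/gravity.db 'SELECT id, address FROM adlist;'` prints (the adlist table and address column are real gravity.db names; the sample rows are constructed) and flags any URL whose scheme is not http(s) or whose host is loopback, RFC 1918, link-local or an IPv6 unique-local address. It generalises slightly beyond the page by also handling userinfo, ports and bracketed IPv6 hosts in the URL.

```shell
#!/bin/sh
# Added example, not Pi-hole project code: flag adlist URLs that would make the
# Pi-hole host talk to itself or to the internal network when gravity runs.
# Input: "id|address" lines, as produced by
#   sqlite3 /etc/pihole/gravity.db 'SELECT id, address FROM adlist;'

# Lower-cased URL scheme, or empty when the URL has no "://".
url_scheme() {
    case "$1" in
        *://*) printf '%s\n' "${1%%://*}" | tr 'A-Z' 'a-z' ;;
        *) echo "" ;;
    esac
}

# Host part of a URL: drop scheme, path, userinfo and port; unwrap [IPv6] literals.
url_host() {
    rest="${1#*://}"
    rest="${rest%%/*}"
    rest="${rest##*@}"
    case "$rest" in
        \[*) rest="${rest#\[}"; rest="${rest%%\]*}" ;;
        *)   rest="${rest%%:*}" ;;
    esac
    printf '%s\n' "$rest" | tr 'A-Z' 'a-z'
}

# Print a reason and return 0 if the URL looks like an SSRF target, else return 1.
# Deliberately conservative: a hostname that merely starts with "10." is flagged for
# review. Hostnames that *resolve* to internal addresses are not caught by a URL check.
suspicious_adlist_url() {
    url="$1"
    scheme="$(url_scheme "$url")"
    case "$scheme" in
        http|https) ;;
        *) echo "scheme '${scheme:-none}' is not http(s)"; return 0 ;;
    esac
    host="$(url_host "$url")"
    case "$host" in
        ""|localhost|*.localhost|0.0.0.0|127.*|::1|::|0:0:0:0:0:0:0:1)
            echo "loopback/unspecified host '$host'"; return 0 ;;
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*)
            echo "RFC 1918 host '$host'"; return 0 ;;
        169.254.*|fe80:*|fc[0-9a-f][0-9a-f]:*|fd[0-9a-f][0-9a-f]:*)
            echo "link-local/ULA host '$host'"; return 0 ;;
    esac
    return 1
}

# Read "id|address" lines on stdin and print one line per flagged adlist.
audit_adlists() {
    while IFS='|' read -r id address; do
        [ -z "$address" ] && continue
        if reason="$(suspicious_adlist_url "$address")"; then
            printf 'adlist %s: %s  <- %s\n' "$id" "$address" "$reason"
        fi
    done
}

# Constructed sample rows: row 1 is Pi-hole's default list, rows 2-5 are attacker-style entries.
SAMPLE_ADLISTS='1|https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
2|http://127.0.0.1/admin/
3|file:///etc/passwd
4|https://user@192.168.1.10:8443/lists.txt
5|http://[::1]:8080/
6|https://example.com:8443/list.txt'

# On a real host: sqlite3 /etc/pihole/gravity.db 'SELECT id, address FROM adlist;' | audit_adlists
printf '%s\n' "$SAMPLE_ADLISTS" | audit_adlists
```

Run it from cron and alert on any output; on a clean installation the list of flagged adlists should be empty. A non-empty result is also a useful post-incident artifact, since the adlist table records when each entry was added.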
