CVE-2024-55653
📋 TL;DR
This vulnerability in PwnDoc allows authenticated users to crash the backend server by triggering an unhandled promise rejection during audit operations. This causes the entire application to become unavailable for all users. The vulnerability affects all PwnDoc installations up to version 0.5.3.
💻 Affected Systems
- PwnDoc (pwndoc/pwndoc)
📦 What is this software?
Pwndoc by Pwndoc Project
⚠️ Risk & Real-World Impact
Worst Case
Complete denial of service for all users, requiring manual restart of the PwnDoc backend service and potential data loss if unsaved reports are being worked on.
Likely Case
Temporary service disruption affecting all users until the backend is manually restarted, disrupting penetration testing report generation workflows.
If Mitigated
Limited impact with proper monitoring and automated restart mechanisms in place, though service interruptions may still occur.
🎯 Exploit Status
Exploitation requires authenticated access but is simple to execute by sending malformed audit requests.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: https://github.com/pwndoc/pwndoc/security/advisories/GHSA-ggqg-3f7v-c8rc
Restart Required: Yes
Instructions:
No official patch available. Monitor GitHub repository for updates and apply when released.
🔧 Temporary Workarounds
Implement request validation middleware
Add input validation to reject malformed audit requests before they reach the vulnerable code path.
# Requires modifying PwnDoc source code to add validation
Use process monitoring with auto-restart
Configure process monitoring (such as PM2, systemd, or supervisor) to automatically restart PwnDoc if it crashes.
# Example PM2 configuration: pm2 start app.js --name pwndoc --watch
# systemd: systemctl enable pwndoc.service
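As an added example (not PwnDoc's own code), the two layers the validation workaround describes: an explicit body check that answers malformed audit requests with a 400, and an Express-style wrapper that routes any remaining rejected promise into the error pipeline instead of leaving it unhandled. The audit body fields (name, scope) and the handler are assumptions for illustration, and the req/res stand-ins let it run without Express.

```javascript
// Added example, not PwnDoc's own code. Two defensive layers against an async
// route handler whose rejected promise would otherwise go unhandled and end the
// Node.js process (the default since Node 15). Audit body shape is ASSUMED.

// Layer 1: explicit validation, so a malformed body gets a 400 instead of
// reaching code that assumes well-formed input.
function validateAuditBody(body) {
  const errors = [];
  if (body === null || typeof body !== 'object') {
    errors.push('body must be a JSON object');
    return errors;
  }
  if (typeof body.name !== 'string' || body.name.length === 0) {
    errors.push('name must be a non-empty string');
  }
  if (!Array.isArray(body.scope)) errors.push('scope must be an array');
  return errors;
}

// Layer 2: route every rejection (and synchronous throw) into the Express
// error pipeline via next(err), so a residual bug yields a 500, not a crash.
function wrapAsync(handler) {
  return (req, res, next) =>
    Promise.resolve()
      .then(() => handler(req, res, next))
      .catch(next);
}

// Hypothetical audit handler with a latent bug: it reads scope[0].host
// without checking, the kind of defect that surfaces as a rejection.
async function createAudit(req, res) {
  const errors = validateAuditBody(req.body);
  if (errors.length) return res.status(400).json({ errors });
  const firstHost = req.body.scope[0].host; // throws on an empty scope
  res.status(201).json({ name: req.body.name, firstHost });
}

// Minimal stand-ins for req/res/next so this runs without Express installed.
function runRequest(body) {
  return new Promise((resolve) => {
    const res = {
      statusCode: 200,
      status(code) { this.statusCode = code; return this; },
      json(payload) { resolve({ status: this.statusCode, body: payload, error: null }); },
    };
    const next = (err) => resolve({ status: 500, body: null, error: err.message });
    wrapAsync(createAudit)({ body }, res, next);
  });
}
```

With an empty scope the handler still has a bug, but the wrapper turns it into a logged 500 for one request rather than an outage for every user.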
🧯 If You Can't Patch
- Restrict user access to only trusted personnel who need to create/edit audit reports.
- Implement network segmentation to isolate PwnDoc instances from general user networks.
🔍 How to Verify
Check if Vulnerable:
Check the PwnDoc version; if it is 0.5.3 or earlier, the system is vulnerable.
Check Version:
Check package.json or the Docker image tag; for a running instance, check the web interface or API response headers.
Verify Fix Applied:
When a patch becomes available, verify that the version is greater than 0.5.3 and test audit functionality with malformed requests.
📡 Detection & Monitoring
Log Indicators:
- UnhandledPromiseRejection warnings in logs
- Backend process termination/crash logs
- Multiple failed audit requests from the same user
Network Indicators:
- Sudden drop in application responsiveness
- HTTP 500 errors on audit endpoints
- Increased failed API calls to /api/audits/*
SIEM Query:
source="pwndoc.logs" AND ("UnhandledPromiseRejection" OR "process.exit" OR "backend crashed")