NVD - CVE-2024-28247 (2024)

Table of Contents
Description Metrics References to Advisories, Solutions, and Tools Weakness Enumeration Change History

Awaiting Analysis

This vulnerability is currently awaiting analysis.

Description

The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. A vulnerability has been discovered in Pihole that allows an authenticated user on the platform to read internal server files arbitrarily, and because the application runs from behind, reading files is done as a privileged user.If the URL that is in the list of "Adslists" begins with "file*" it is understood that it is updating from a local file, on the other hand if it does not begin with "file*" depending on the state of the response it does one thing or another. The problem resides in the update through local files. When updating from a file which contains non-domain lines, 5 of the non-domain lines are printed on the screen, so if you provide it with any file on the server which contains non-domain lines it will print them on the screen. This vulnerability is fixed by 5.18.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:


NVD - CVE-2024-28247 (1)

NIST:NVD

N/A

NVD assessment not yet provided.

See Also
Overview - Pi-hole documentationIPsec vs. WireGuard · TailscalepiHole cripples internet speedMonitor and get list of URLs of websites visited?

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://github.com/pi-hole/pi-hole/commit/f3af03174e676c20e502a92ed7842159f2fdeb7e
https://github.com/pi-hole/pi-hole/security/advisories/GHSA-95g6-7q26-mp9x

Weakness Enumeration

CWE-ID CWE Name Source
CWE-269 Improper Privilege Management GitHub, Inc.  
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor GitHub, Inc.  

Change History

2 change records found show changes

NVD - CVE-2024-28247 (2024)
Top Articles
Westlaw
FAA Now Fully Enforcing Remote ID Rule for UAS Operations | UAS Magazine
Menards Thermal Fuse
Cars & Trucks - By Owner near Kissimmee, FL - craigslist
Chambersburg star athlete JJ Kelly makes his college decision, and he’s going DI
Atvs For Sale By Owner Craigslist
Senior Tax Analyst Vs Master Tax Advisor
Is Csl Plasma Open On 4Th Of July
Nwi Police Blotter
Doby's Funeral Home Obituaries
Mercy MyPay (Online Pay Stubs) / mercy-mypay-online-pay-stubs.pdf / PDF4PRO
Bc Hyundai Tupelo Ms
Grace Caroline Deepfake
Gon Deer Forum
Cvb Location Code Lookup
Missouri Highway Patrol Crash
Yisd Home Access Center
Talk To Me Showtimes Near Marcus Valley Grand Cinema
Greyson Alexander Thorn
Airtable Concatenate
Olivia Maeday
Violent Night Showtimes Near Amc Dine-In Menlo Park 12
6892697335
Walgreens On Bingle And Long Point
Xxn Abbreviation List 2017 Pdf
Access a Shared Resource | Computing for Arts + Sciences
Weather Underground Durham
Rs3 Bring Leela To The Tomb
How Much Is An Alignment At Costco
Redbox Walmart Near Me
3 Bedroom 1 Bath House For Sale
Sitting Human Silhouette Demonologist
Joplin Pets Craigslist
404-459-1280
Roto-Rooter Plumbing and Drain Service hiring General Manager in Cincinnati Metropolitan Area | LinkedIn
Hermann Memorial Urgent Care Near Me
Wsbtv Fish And Game Report
Wattengel Funeral Home Meadow Drive
Bones And All Showtimes Near Johnstown Movieplex
Husker Football
18 terrible things that happened on Friday the 13th
Suffix With Pent Crossword Clue
Luvsquad-Links
Pokemon Reborn Gyms
Houston Primary Care Byron Ga
Arre St Wv Srj
Noaa Duluth Mn
Texas 4A Baseball
Latest Posts
ERR_Connection_reset In Google Chrome web browser only
The Art Of The Store Closing Sale, In 5 Parts | Silverman Consulting & Retail Services
Article information

Author: Mr. See Jast

Last Updated:

Views: 6408

Rating: 4.4 / 5 (75 voted)

Reviews: 82% of readers found this page helpful

Author information

Name: Mr. See Jast

Birthday: 1999-07-30

Address: 8409 Megan Mountain, New Mathew, MT 44997-8193

Phone: +5023589614038

Job: Chief Executive

Hobby: Leather crafting, Flag Football, Candle making, Flying, Poi, Gunsmithing, Swimming

Introduction: My name is Mr. See Jast, I am a open, jolly, gorgeous, courageous, inexpensive, friendly, homely person who loves writing and wants to share my knowledge and understanding with you.