Vulnerability Details CVE-2024-25125
Digdag is an open source tool that to build, run, schedule, and monitor complex pipelines of tasks across various platforms. Treasure Data's digdag workload automation system is susceptible to a path traversal vulnerability if it's configured to store log files locally. This issue may lead to information disclosure and has been addressed in release version 0.10.5.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.076
EPSS Ranking 91.4%
CVSS Severity
CVSS v3 Score 5.3
References
- https://github.com/treasure-data/digdag/commit/eae89b0daf6c62f12309d8c7194454dfb18cc5c3
- https://github.com/treasure-data/digdag/security/advisories/GHSA-5mp4-32rr-v3x5
- https://github.com/treasure-data/digdag/commit/eae89b0daf6c62f12309d8c7194454dfb18cc5c3
- https://github.com/treasure-data/digdag/security/advisories/GHSA-5mp4-32rr-v3x5
Products affected by CVE-2024-25125
-
cpe:2.3:a:treasuredata:digdag:-
-
cpe:2.3:a:treasuredata:digdag:0.10.0
-
cpe:2.3:a:treasuredata:digdag:0.10.1
-
cpe:2.3:a:treasuredata:digdag:0.10.2
-
cpe:2.3:a:treasuredata:digdag:0.10.3
-
cpe:2.3:a:treasuredata:digdag:0.10.4
-
cpe:2.3:a:treasuredata:digdag:0.10.5
-
cpe:2.3:a:treasuredata:digdag:0.2.0
-
cpe:2.3:a:treasuredata:digdag:0.2.1
-
cpe:2.3:a:treasuredata:digdag:0.2.2
-
cpe:2.3:a:treasuredata:digdag:0.2.3
-
cpe:2.3:a:treasuredata:digdag:0.2.4
-
cpe:2.3:a:treasuredata:digdag:0.2.5
-
cpe:2.3:a:treasuredata:digdag:0.2.6
-
cpe:2.3:a:treasuredata:digdag:0.2.7
-
cpe:2.3:a:treasuredata:digdag:0.2.8
-
cpe:2.3:a:treasuredata:digdag:0.3.0
-
cpe:2.3:a:treasuredata:digdag:0.3.1
-
cpe:2.3:a:treasuredata:digdag:0.3.2
-
cpe:2.3:a:treasuredata:digdag:0.3.3
-
cpe:2.3:a:treasuredata:digdag:0.3.4
-
cpe:2.3:a:treasuredata:digdag:0.3.5
-
cpe:2.3:a:treasuredata:digdag:0.3.6
-
cpe:2.3:a:treasuredata:digdag:0.4.0
-
cpe:2.3:a:treasuredata:digdag:0.4.1
-
cpe:2.3:a:treasuredata:digdag:0.4.2
-
cpe:2.3:a:treasuredata:digdag:0.4.3
-
cpe:2.3:a:treasuredata:digdag:0.5.0
-
cpe:2.3:a:treasuredata:digdag:0.5.1
-
cpe:2.3:a:treasuredata:digdag:0.5.2
-
cpe:2.3:a:treasuredata:digdag:0.5.3
-
cpe:2.3:a:treasuredata:digdag:0.5.4
-
cpe:2.3:a:treasuredata:digdag:0.5.5
-
cpe:2.3:a:treasuredata:digdag:0.5.6
-
cpe:2.3:a:treasuredata:digdag:0.5.7
-
cpe:2.3:a:treasuredata:digdag:0.5.8
-
cpe:2.3:a:treasuredata:digdag:0.5.9
-
cpe:2.3:a:treasuredata:digdag:0.6.0
-
cpe:2.3:a:treasuredata:digdag:0.6.1
-
cpe:2.3:a:treasuredata:digdag:0.7.0
-
cpe:2.3:a:treasuredata:digdag:0.7.1
-
cpe:2.3:a:treasuredata:digdag:0.8.0
-
cpe:2.3:a:treasuredata:digdag:0.8.1
-
cpe:2.3:a:treasuredata:digdag:0.8.10
-
cpe:2.3:a:treasuredata:digdag:0.8.11
-
cpe:2.3:a:treasuredata:digdag:0.8.12
-
cpe:2.3:a:treasuredata:digdag:0.8.13
-
cpe:2.3:a:treasuredata:digdag:0.8.14
-
cpe:2.3:a:treasuredata:digdag:0.8.15
-
cpe:2.3:a:treasuredata:digdag:0.8.16
-
cpe:2.3:a:treasuredata:digdag:0.8.17
-
cpe:2.3:a:treasuredata:digdag:0.8.18
-
cpe:2.3:a:treasuredata:digdag:0.8.19
-
cpe:2.3:a:treasuredata:digdag:0.8.2
-
cpe:2.3:a:treasuredata:digdag:0.8.20
-
cpe:2.3:a:treasuredata:digdag:0.8.21
-
cpe:2.3:a:treasuredata:digdag:0.8.22
-
cpe:2.3:a:treasuredata:digdag:0.8.3
-
cpe:2.3:a:treasuredata:digdag:0.8.4
-
cpe:2.3:a:treasuredata:digdag:0.8.5
-
cpe:2.3:a:treasuredata:digdag:0.8.6
-
cpe:2.3:a:treasuredata:digdag:0.8.7
-
cpe:2.3:a:treasuredata:digdag:0.8.8
-
cpe:2.3:a:treasuredata:digdag:0.8.9
-
cpe:2.3:a:treasuredata:digdag:0.9.0
-
cpe:2.3:a:treasuredata:digdag:0.9.1
-
cpe:2.3:a:treasuredata:digdag:0.9.10
-
cpe:2.3:a:treasuredata:digdag:0.9.11
-
cpe:2.3:a:treasuredata:digdag:0.9.12
-
cpe:2.3:a:treasuredata:digdag:0.9.13
-
cpe:2.3:a:treasuredata:digdag:0.9.14
-
cpe:2.3:a:treasuredata:digdag:0.9.15
-
cpe:2.3:a:treasuredata:digdag:0.9.16
-
cpe:2.3:a:treasuredata:digdag:0.9.17
-
cpe:2.3:a:treasuredata:digdag:0.9.18
-
cpe:2.3:a:treasuredata:digdag:0.9.19
-
cpe:2.3:a:treasuredata:digdag:0.9.2
-
cpe:2.3:a:treasuredata:digdag:0.9.20
-
cpe:2.3:a:treasuredata:digdag:0.9.21
-
cpe:2.3:a:treasuredata:digdag:0.9.22
-
cpe:2.3:a:treasuredata:digdag:0.9.23
-
cpe:2.3:a:treasuredata:digdag:0.9.24
-
cpe:2.3:a:treasuredata:digdag:0.9.25
-
cpe:2.3:a:treasuredata:digdag:0.9.26
-
cpe:2.3:a:treasuredata:digdag:0.9.27
-
cpe:2.3:a:treasuredata:digdag:0.9.28
-
cpe:2.3:a:treasuredata:digdag:0.9.29
-
cpe:2.3:a:treasuredata:digdag:0.9.3
-
cpe:2.3:a:treasuredata:digdag:0.9.30
-
cpe:2.3:a:treasuredata:digdag:0.9.31
-
cpe:2.3:a:treasuredata:digdag:0.9.32
-
cpe:2.3:a:treasuredata:digdag:0.9.33
-
cpe:2.3:a:treasuredata:digdag:0.9.34
-
cpe:2.3:a:treasuredata:digdag:0.9.35
-
cpe:2.3:a:treasuredata:digdag:0.9.36
-
cpe:2.3:a:treasuredata:digdag:0.9.37
-
cpe:2.3:a:treasuredata:digdag:0.9.38
-
cpe:2.3:a:treasuredata:digdag:0.9.39
-
cpe:2.3:a:treasuredata:digdag:0.9.4
-
cpe:2.3:a:treasuredata:digdag:0.9.40
-
cpe:2.3:a:treasuredata:digdag:0.9.41
-
cpe:2.3:a:treasuredata:digdag:0.9.42
-
cpe:2.3:a:treasuredata:digdag:0.9.5
-
cpe:2.3:a:treasuredata:digdag:0.9.6
-
cpe:2.3:a:treasuredata:digdag:0.9.7
-
cpe:2.3:a:treasuredata:digdag:0.9.8
-
cpe:2.3:a:treasuredata:digdag:0.9.9