High severity 7.8 · NVD Advisory · Published Oct 14, 2024 · Updated Jun 17, 2026
CVE-2024-48911
Description
OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and escalate permissions when root later runs the daemon. Version 0.9.4 contains a fix for the issue.
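The condition described above (a root-run daemon trusting a config file that an unprivileged account can modify) can be checked before startup. The following is an added example, not OpenCanary's code or its fix; the function name `path_findings`, its parameters and the command-line path are assumptions made for illustration.

```python
import os
import stat
import sys

def path_findings(path, trusted_uids=frozenset({0}), stop_at="/"):
    """List reasons an account outside trusted_uids could alter `path`.

    Checks the file and every ancestor directory up to `stop_at`, because
    write access to any ancestor allows the file to be swapped out.
    """
    findings = []
    current = os.path.abspath(path)
    stop_at = os.path.abspath(stop_at)
    while True:
        st = os.lstat(current)  # lstat: do not silently follow symlinks
        mode = st.st_mode
        if st.st_uid not in trusted_uids:
            findings.append(f"{current}: owned by uid {st.st_uid}")
        if stat.S_ISLNK(mode):
            findings.append(f"{current}: symlink, audit its target too")
        elif mode & (stat.S_IWGRP | stat.S_IWOTH):
            # A sticky directory (e.g. /tmp) stops non-owners renaming or
            # deleting entries they do not own, so it is not flagged.
            if not (stat.S_ISDIR(mode) and mode & stat.S_ISVTX):
                findings.append(
                    f"{current}: group/world-writable "
                    f"(mode {stat.S_IMODE(mode):o})")
        parent = os.path.dirname(current)
        if current == stop_at or parent == current:
            break
        current = parent
    return findings

if __name__ == "__main__":
    # Usage: python check_conf.py /path/to/daemon.conf  (placeholder path)
    problems = path_findings(sys.argv[1])
    for line in problems:
        print("UNSAFE", line)
    sys.exit(1 if problems else 0)
```

An empty result means only the trusted owners can change the file or replace it through a parent directory; any finding is a reason not to start the daemon as root with that config.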
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| OpenCanary (PyPI) | < 0.9.5 | 0.9.5 |
Affected products
- thinkst/opencanary v5 Range: < 0.9.4
References
- github.com/thinkst/opencanary/commit/2c11575b1a3dd8b0df26a879ba856c0aa350c049 [nvd, Patch, WEB]
- github.com/advisories/GHSA-pf5v-pqfv-x8jj [ghsa, ADVISORY]
- github.com/thinkst/opencanary/security/advisories/GHSA-pf5v-pqfv-x8jj [nvd, Vendor Advisory, WEB]
- nvd.nist.gov/vuln/detail/CVE-2024-48911 [ghsa, ADVISORY]
- github.com/pypa/advisory-database/tree/main/vulns/opencanary/PYSEC-2024-248.yaml [ghsa, WEB]
- github.com/thinkst/opencanary/releases/tag/v0.9.4 [nvd, Release Notes, WEB]