CVE-2024-25125

MEDIUM

Treasure Data's digdag <0.10.5.1 - Path Traversal

Title source: llm

Description

Digdag is an open source tool that to build, run, schedule, and monitor complex pipelines of tasks across various platforms. Treasure Data's digdag workload automation system is susceptible to a path traversal vulnerability if it's configured to store log files locally. This issue may lead to information disclosure and has been addressed in release version 0.10.5.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://github.com/treasure-data/digdag/security/advisories/GHSA-5mp4-32rr-v3x5

Patch x_refsource_misc

https://github.com/treasure-data/digdag/commit/eae89b0daf6c62f12309d8c7194454dfb18cc5c3

View Patch ZIP pw:eip

Scores

CVSS v3 5.3

EPSS 0.2965

EPSS Percentile 98.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (2)

io.digdag/digdag-server 0 - 0.10.5.1Maven

treasuredata/digdag < 0.10.5.1

Published Feb 14, 2024

Tracked Since Feb 18, 2026