# Thruk-CVE-2023-34096
Thruk Monitoring Web Interface versions **<= v3.06** are vulnerable to **CVE-2023-34096 (Path Traversal)**.

The exploit in this repository is written in Python 3. It uses the vulnerability to upload a PoC file to several of Thruk's common folders and to some Linux folders.

The CNA GitHub, Inc. assigned a CVSS 3.1 score of **6.5 (Medium)** to this finding (see NIST NVD).


## Vulnerability Summary
- **Assigned CVE:** CVE-2023-34096
- **CVE Author:** Galoget Latorre (@galoget)
- **Severity:** 6.5 Medium
- **Type:** Path Traversal
- **Product:** Thruk Monitoring Web Interface
- **Affected Versions:** All versions <= 3.06
- **Patched Version:** 3.06-2

## Timeline
- 2023-05-25: This vulnerability was identified by Galoget Latorre.
- 2023-06-02: Initial contact with maintainer via GitHub Security Advisory including vulnerability details and Proof of Concept (PoC).
- 2023-06-05: CVE-2023-34096 is assigned.
- 2023-06-06: Maintainer releases a patch with version 3.06-2; see Thruk's Changelog.
- 2023-06-08: GitHub Security Advisory is released by maintainer.
- 2023-06-08: Security advisory (author's blog post) is released by Galoget Latorre.
- 2023-06-08: Exploit PoC (this repository) is released by Galoget Latorre.
- 2023-06-09: Exploit PoC is shared by Exploit Database (Exploit-DB).
- 2023-06-09: Exploit PoC is shared by Packet Storm Security.

## Credits
This security vulnerability was **identified** and **reported** to the maintainer (Thruk's Developers) by **Galoget Latorre**, **Security Consultant** at **Hackem Cybersecurity Research Group** and **Dreamlab Technologies**.

## References
- CVE Author Blog
- GitHub Security Advisory
- Exploit Database (Exploit-DB)
- Packet Storm Security
- NVD NIST
- MITRE
- Other Exploits (PoCs) authored by Galoget:
  - Exploit Database (Exploit-DB)
  - Packet Storm Security

### Demo

![CVE-2023-34096 exploit PoC](CVE-2023-34096-exploit-PoC.png "CVE-2023-34096 exploit PoC")

**Note:** In the image above, the exploit shows an error message for the last 3 attempts. This is because, in the test environment, some folders did not exist or the Apache user did not have write permissions on those paths. The exploit works correctly, and the output was intended to test all possible cases.