Wiz
Vulnerability DatabaseCVE-2024-11309

CVE-2024-11309
NixOS vulnerability analysis and mitigation

Overview

The DVC from TRCore has a Path Traversal vulnerability identified as CVE-2024-11309, which was discovered and disclosed on November 18, 2024. This vulnerability affects DVC versions 6.0 through 6.3. The issue allows unauthenticated remote attackers to read arbitrary system files on the affected systems (TWCERT Advisory).

Technical details

The vulnerability is classified as a Path Traversal issue (CWE-22/CWE-23) with a CVSS v3.1 base score of 7.5 (High), and vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. This scoring indicates that the vulnerability can be exploited remotely without requiring authentication or user interaction, and primarily impacts the confidentiality of the system (NVD).

Impact

The vulnerability allows unauthorized access to arbitrary system files, potentially exposing sensitive information stored on the affected systems. The high confidentiality impact (C:H) in the CVSS score indicates that the vulnerability could lead to total information disclosure, with all system files potentially being revealed to the attacker (TWCERT Advisory).

Mitigation and workarounds

The vendor has released version 6.4 as a fix for this vulnerability. Users are advised to update to version 6.4 or later to mitigate the security risk (TWCERT Advisory).

Additional resources

SourceThis report was generated using AI

Related NixOS vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-12819HIGH8.1
  • NixOSNixOS
  • pgbouncer
NoYesDec 03, 2025
CVE-2025-20777MEDIUM6.7
  • NixOSNixOS
  • android
NoNoDec 02, 2025
CVE-2025-65105MEDIUM5.3
  • NixOSNixOS
  • apptainer
NoYesDec 02, 2025
CVE-2025-20789MEDIUM4.4
  • NixOSNixOS
  • android
NoNoDec 02, 2025
CVE-2025-20788MEDIUM4.4
  • NixOSNixOS
  • android
NoNoDec 02, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo