Vulnerability DatabaseCVE-2024-49381

CVE-2024-49381:
Linux openSUSE vulnerability analysis and mitigation

Overview

Plenti, a static site generator, contains an arbitrary file deletion vulnerability (CVE-2024-49381) in versions prior to 0.7.2. The vulnerability exists in the /postLocal endpoint when a plenti user serves their website (GitHub Advisory, NVD).

Technical details

The vulnerability is present in the /postLocal endpoint of Plenti's serve command. When processing file operations, the endpoint fails to properly validate file paths before deletion operations, leading to potential arbitrary file deletion. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N (NVD).

Impact

This vulnerability can lead to information loss through unauthorized file deletion when a Plenti user serves their website. An attacker could potentially delete arbitrary files on the system where Plenti is running (GitHub Advisory).

Mitigation and workarounds

Users should upgrade to Plenti version 0.7.2 or later, which contains the fix for this vulnerability. The fix ensures that the /postLocal endpoint is properly contained to the project directory (GitHub Release).

Additional resources

Source: This report was generated using AI

Related Linux openSUSE vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-13470	HIGH	7.7	Linux Debian	rnp-debuginfo	No	Yes	Nov 21, 2025
CVE-2025-61915	MEDIUM	6.7	OpenPrinting CUPS	cups-devel	No	Yes	Nov 29, 2025
CVE-2025-58436	MEDIUM	5.5	OpenPrinting CUPS	cups-ipptool	No	Yes	Nov 29, 2025
CVE-2025-9820	N/A	N/A	GnuTLS	gnutls-c++	No	Yes	Nov 21, 2025
CVE-2025-13402	N/A	N/A	Linux Fedora	rnp	No	Yes	Nov 21, 2025