{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41799", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-07-22T13:57:37.134Z", "datePublished": "2024-07-29T15:00:23.851Z", "dateUpdated": "2024-08-02T04:46:52.940Z"}, "containers": {"cna": {"title": "tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-c3h4-9gc2-f7h4", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-c3h4-9gc2-f7h4"}, {"name": "https://github.com/tgstation/tgstation-server/pull/1835", "tags": ["x_refsource_MISC"], "url": "https://github.com/tgstation/tgstation-server/pull/1835"}, {"name": "https://github.com/tgstation/tgstation-server/commit/374852fe5ae306415eb5aafb2d16b06897d7afe4", "tags": ["x_refsource_MISC"], "url": "https://github.com/tgstation/tgstation-server/commit/374852fe5ae306415eb5aafb2d16b06897d7afe4"}], "affected": [{"vendor": "tgstation", "product": "tgstation-server", "versions": [{"version": ">= 4.0.0, < 6.8.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-07-29T15:00:23.851Z"}, "descriptions": [{"lang": "en", "value": "tgstation-server is a production scale tool for BYOND server management. Prior to 6.8.0, low permission users using the \"Set .dme Path\" privilege could potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files could be uploaded via tgstation-server (requiring a separate, isolated privilege) or some other means. A server configured to execute in BYOND's trusted security level (requiring a third separate, isolated privilege OR being set by another user) could lead to this escalating into remote code execution via BYOND's shell() proc. The ability to execute this kind of attack is a known side effect of having privileged TGS users, but normally requires multiple privileges with known weaknesses. This vector is not intentional as it does not require control over the where deployment code is sourced from and _may_ not require remote write access to an instance's `Configuration` directory. This problem is fixed in versions 6.8.0 and above."}], "source": {"advisory": "GHSA-c3h4-9gc2-f7h4", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "tgstation13", "product": "tgstation-server", "cpes": ["cpe:2.3:a:tgstation13:tgstation-server:4.0.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.0.0.0", "status": "affected", "lessThan": "6.8.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-29T17:40:12.363650Z", "id": "CVE-2024-41799", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-29T17:42:45.745Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:46:52.940Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-c3h4-9gc2-f7h4", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-c3h4-9gc2-f7h4"}, {"name": "https://github.com/tgstation/tgstation-server/pull/1835", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/tgstation/tgstation-server/pull/1835"}, {"name": "https://github.com/tgstation/tgstation-server/commit/374852fe5ae306415eb5aafb2d16b06897d7afe4", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/tgstation/tgstation-server/commit/374852fe5ae306415eb5aafb2d16b06897d7afe4"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-c3h4-9gc2-f7h4", "name": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-c3h4-9gc2-f7h4", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/tgstation/tgstation-server/pull/1835", "name": "https://github.com/tgstation/tgstation-server/pull/1835", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/tgstation/tgstation-server/commit/374852fe5ae306415eb5aafb2d16b06897d7afe4", "name": "https://github.com/tgstation/tgstation-server/commit/374852fe5ae306415eb5aafb2d16b06897d7afe4", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:46:52.940Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41799", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-29T17:40:12.363650Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:tgstation13:tgstation-server:4.0.0.0:*:*:*:*:*:*:*"], "vendor": "tgstation13", "product": "tgstation-server", "versions": [{"status": "affected", "version": "4.0.0.0", "lessThan": "6.8.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-29T17:42:40.681Z"}}], "cna": {"title": "tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users", "source": {"advisory": "GHSA-c3h4-9gc2-f7h4", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "tgstation", "product": "tgstation-server", "versions": [{"status": "affected", "version": ">= 4.0.0, < 6.8.0"}]}], "references": [{"url": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-c3h4-9gc2-f7h4", "name": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-c3h4-9gc2-f7h4", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/tgstation/tgstation-server/pull/1835", "name": "https://github.com/tgstation/tgstation-server/pull/1835", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/tgstation/tgstation-server/commit/374852fe5ae306415eb5aafb2d16b06897d7afe4", "name": "https://github.com/tgstation/tgstation-server/commit/374852fe5ae306415eb5aafb2d16b06897d7afe4", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "tgstation-server is a production scale tool for BYOND server management. Prior to 6.8.0, low permission users using the \"Set .dme Path\" privilege could potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files could be uploaded via tgstation-server (requiring a separate, isolated privilege) or some other means. A server configured to execute in BYOND's trusted security level (requiring a third separate, isolated privilege OR being set by another user) could lead to this escalating into remote code execution via BYOND's shell() proc. The ability to execute this kind of attack is a known side effect of having privileged TGS users, but normally requires multiple privileges with known weaknesses. This vector is not intentional as it does not require control over the where deployment code is sourced from and _may_ not require remote write access to an instance's `Configuration` directory. This problem is fixed in versions 6.8.0 and above."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-07-29T15:00:23.851Z"}}}, "cveMetadata": {"cveId": "CVE-2024-41799", "state": "PUBLISHED", "dateUpdated": "2024-08-02T04:46:52.940Z", "dateReserved": "2024-07-22T13:57:37.134Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-07-29T15:00:23.851Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tgstation13:tgstation-server:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5027F60-9636-4DD0-AFC9-8B6A7A64E3B9", "versionEndExcluding": "6.8.0", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "tgstation-server is a production scale tool for BYOND server management. Prior to 6.8.0, low permission users using the \"Set .dme Path\" privilege could potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files could be uploaded via tgstation-server (requiring a separate, isolated privilege) or some other means. A server configured to execute in BYOND's trusted security level (requiring a third separate, isolated privilege OR being set by another user) could lead to this escalating into remote code execution via BYOND's shell() proc. The ability to execute this kind of attack is a known side effect of having privileged TGS users, but normally requires multiple privileges with known weaknesses. This vector is not intentional as it does not require control over the where deployment code is sourced from and _may_ not require remote write access to an instance's `Configuration` directory. This problem is fixed in versions 6.8.0 and above."}, {"lang": "es", "value": "tgstation-server es una herramienta a escala de producci\u00f3n para la gesti\u00f3n de servidores BYOND. Antes de 6.8.0, los usuarios con permisos bajos que usaban el privilegio \"Set .dme Path\" pod\u00edan configurar archivos .dme maliciosos existentes en la m\u00e1quina host para compilarlos y ejecutarlos. Estos archivos .dme se pueden cargar a trav\u00e9s del servidor tgstation (que requiere un privilegio aislado e independiente) o por alg\u00fan otro medio. Un servidor configurado para ejecutarse en el nivel de seguridad confiable de BYOND (que requiere un tercer privilegio separado y aislado O que lo establezca otro usuario) podr\u00eda llevar a que esto se convierta en una ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s del proceso shell() de BYOND. La capacidad de ejecutar este tipo de ataque es un efecto secundario conocido de tener usuarios privilegiados de TGS, pero normalmente requiere m\u00faltiples privilegios con debilidades conocidas. Este vector no es intencional ya que no requiere control sobre el origen del c\u00f3digo de implementaci\u00f3n y _puede_ no requerir acceso de escritura remota al directorio \"Configuration\" de una instancia. Este problema se solucion\u00f3 en las versiones 6.8.0 y superiores."}], "id": "CVE-2024-41799", "lastModified": "2025-08-19T14:35:40.017", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-29T15:15:16.267", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/tgstation/tgstation-server/commit/374852fe5ae306415eb5aafb2d16b06897d7afe4"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://github.com/tgstation/tgstation-server/pull/1835"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-c3h4-9gc2-f7h4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/tgstation/tgstation-server/commit/374852fe5ae306415eb5aafb2d16b06897d7afe4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://github.com/tgstation/tgstation-server/pull/1835"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-c3h4-9gc2-f7h4"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{}