Impact
A path traversal flaw in Halo’s backup download endpoint allows authenticated administrators to read arbitrary files on the server. The flaw stems from missing validation when resolving the backup filename, letting a malicious admin construct paths that escape the intended backups directory. This results in confidentiality exposure of any file the administrator can reach on the filesystem. The vulnerability is classified as CWE‑22.
Affected Systems
Halo is a community‑maintained open‑source website builder released by halo‑dev. Versions earlier than 2.24.3 are affected by this issue. Clients that run any 2.x series prior to that patch level and have the backup feature enabled are vulnerable until they upgrade.
Risk and Exploitability
The CVSS score of 5.5 indicates a medium rating, with the threat limited to compromised credentials of a privileged administrator. An attacker would first need authenticated admin access, then supply a crafted filename in the /files/{filename} path to read any file. The EPSS is not reported, and the vulnerability is not currently listed in the KEV catalog, suggesting a moderate exploitation probability but no known widespread attacks yet.
OpenCVE Enrichment