CVE-2024-22779: n/a
Directory Traversal vulnerability in Kihron ServerRPExposer v.1.0.2 and before allows a remote attacker to execute arbitrary code via the loadServerPack in ServerResourcePackProviderMixin.java.
AI Analysis
Technical Summary
CVE-2024-22779 is a directory traversal vulnerability in Kihron ServerRPExposer versions 1.0.2 and earlier. The flaw lies in the loadServerPack method of the ServerResourcePackProviderMixin.java component. A remote attacker can supply file path input that traverses outside the intended directory, which can lead to arbitrary code execution on the affected server. No privileges are required (PR:N), but user interaction is required (UI:R), such as triggering the vulnerable function through a crafted request. The attack vector is network-based (AV:N), so exploitation can occur remotely without physical or local access. The CVSS 3.1 base score of 8.8 reflects high impact on confidentiality, integrity, and availability, since successful exploitation could lead to full system compromise. The weakness is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), a common and critical class of security weakness. At the time of this analysis, no patches or official fixes have been released and no exploitation in the wild has been observed, so organizations that continue to run vulnerable versions exposed to untrusted networks remain at risk. The user-interaction requirement suggests that exploitation involves tricking a user or a system process into invoking the vulnerable function with malicious input.
Potential Impact
The potential impact of CVE-2024-22779 is severe for organizations running Kihron ServerRPExposer versions 1.0.2 or earlier, especially where the service is exposed to external networks. Successful exploitation can lead to remote code execution, allowing attackers to gain unauthorized access, execute arbitrary commands, and potentially take full control of the affected server. This compromises confidentiality by exposing sensitive data, integrity by allowing unauthorized modifications, and availability by potentially disrupting service operations. Because the flaw is exploitable over the network without privileges, any reachable vulnerable instance is a candidate target. Organizations in critical infrastructure sectors, cloud service providers, and enterprises relying on Kihron ServerRPExposer for resource pack management are at heightened risk. The current absence of known exploits in the wild provides a window for proactive mitigation, but the high CVSS score indicates that attackers will likely develop exploits rapidly once the vulnerability becomes widely known.
Mitigation Recommendations
Organizations should immediately audit their environments to identify any deployments of Kihron ServerRPExposer version 1.0.2 or earlier. Until an official patch is released, implement strict network-level access controls to restrict exposure of the vulnerable service to trusted internal networks only. Employ web application firewalls (WAFs) or intrusion prevention systems (IPS) with custom rules to detect and block directory traversal patterns targeting the loadServerPack function. Conduct thorough input validation and sanitization on all user-supplied data interacting with resource pack loading mechanisms. Monitor logs for suspicious activity indicative of directory traversal attempts or unusual file access patterns. Engage with the vendor or community to obtain updates or patches as soon as they become available. Additionally, consider isolating the vulnerable service in a segmented network zone and applying the principle of least privilege to minimize potential damage from exploitation. Educate users and administrators about the risk of interacting with untrusted inputs that may trigger the vulnerability.
Affected Countries
United States, Germany, United Kingdom, France, Japan, South Korea, Canada, Australia, Netherlands, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-01-11T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6d4db7ef31ef0b570226
Added to database: 2/25/2026, 9:44:45 PM
Last enriched: 2/28/2026, 9:15:24 AM
Last updated: 4/11/2026, 5:54:13 PM