CVE-2024-11839 HIGH

CVE-2024-11839: Insecure Deserialization via Runbooks Imports

Vendor Plextrac

Product PlexTrac

Weakness CWE-502 · Unsafe deserialization

Published December 13, 2024

Last update December 23, 2024

View on NVD All CVEs

CVSS base score

8.6/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/U:Red

What the vulnerability does

01Description

Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes.This issue affects PlexTrac: from 1.61.3 before 2.8.1.

Key dates

02Disclosure timeline

December 13, 2024 CVE published

December 23, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-11839 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/502.html

Related vulnerabilities

04Related CVE

CVE-2020-5413 Kryo Configuration Allows Code Execution with Unknown "Serialization Gadgets" CVE-2025-27818 Apache Kafka: Possible RCE attack via SASL JAAS LdapLoginModule configuration CVE-2025-69404 WordPress Extreme Store theme <= 1.5.10 - PHP Object Injection vulnerability CVE-2024-32600 WordPress Master Slider plugin <= 3.9.5 - PHP Object Injection vulnerability CVE-2025-53243 WordPress Employee Directory – Staff Listing & Team Directory plugin for WordPress plugin <= 4.5.5 - PHP Object Injection vulnerability