CWE-552
Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.
CVE-2024-27182 (GCVE-0-2024-27182)
Vulnerability from cvelistv5 – Published: 2024-08-02 09:29 – Updated: 2025-03-27 15:48
VLAI
Title
Apache Linkis Basic management services: Engine material management Arbitrary file deletion vulnerability
Summary
In Apache Linkis <= 1.5.0,
Arbitrary file deletion in Basic management services on
A user with an administrator account could delete any file accessible by the Linkis system user
.
Users are recommended to upgrade to version 1.6.0, which fixes this issue.
Severity
No CVSS data available.
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/2of1p433h8rbq2bx5… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Linkis Basic management services |
Affected:
1.3.2 , < 1.6.0
(maven)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27182",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T13:55:06.669774Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T15:48:58.051Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:03:25.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/08/02/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.linkis:linkis-pes-publicservice",
"product": "Apache Linkis Basic management services",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "1.6.0",
"status": "affected",
"version": "1.3.2",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "superx"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Apache Linkis \u0026lt;= 1.5.0,\n\nArbitrary file deletion in Basic management services on \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA user with an administrator account could delete any file accessible by the Linkis system user\u003c/span\u003e\n\n.\u003cbr\u003eUsers are recommended to upgrade to version 1.6.0, which fixes this issue."
}
],
"value": "In Apache Linkis \u003c= 1.5.0,\n\nArbitrary file deletion in Basic management services on \n\nA user with an administrator account could delete any file accessible by the Linkis system user\n\n.\nUsers are recommended to upgrade to version 1.6.0, which fixes this issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T09:29:38.967Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/2of1p433h8rbq2bx525rtftnk19oz38h"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Linkis Basic management services: Engine material management Arbitrary file deletion vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-27182",
"datePublished": "2024-08-02T09:29:33.391Z",
"dateReserved": "2024-02-21T03:05:04.990Z",
"dateUpdated": "2025-03-27T15:48:58.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2759 (GCVE-0-2024-2759)
Vulnerability from cvelistv5 – Published: 2024-04-04 13:23 – Updated: 2024-11-20 17:21
VLAI
Title
Improper access control in Apaczka plugin for PrestaShop
Summary
Improper access control vulnerability in Apaczka plugin for PrestaShop allows information gathering from saved templates without authentication.This issue affects Apaczka plugin for PrestaShop from v1 through v4.
Severity
7.5 (High)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://cert.pl/en/posts/2024/04/CVE-2024-2759/ | third-party-advisory |
| https://cert.pl/posts/2024/04/CVE-2024-2759/ | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Alsendo Sp. z o. o. | Apaczka |
Affected:
v1 , ≤ v4
(custom)
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:prestashopmodules:apaczka:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apaczka",
"vendor": "prestashopmodules",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-2759",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T17:19:10.975327Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T17:21:20.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:25:41.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/en/posts/2024/04/CVE-2024-2759/"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/posts/2024/04/CVE-2024-2759/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.apaczka.pl/integracje/prestashop/konfiguracja/",
"defaultStatus": "unaffected",
"platforms": [
"PrestaShop"
],
"product": "Apaczka",
"vendor": "Alsendo Sp. z o. o.",
"versions": [
{
"lessThanOrEqual": "v4",
"status": "affected",
"version": "v1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jakub Przepi\u00f3ra"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper access control vulnerability in Apaczka plugin for PrestaShop allows information gathering from saved templates without authentication.\u003cp\u003eThis issue affects Apaczka plugin for PrestaShop from v1 through v4.\u003c/p\u003e"
}
],
"value": "Improper access control vulnerability in Apaczka plugin for PrestaShop allows information gathering from saved templates without authentication.This issue affects Apaczka plugin for PrestaShop from v1 through v4."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T15:36:17.582Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2024/04/CVE-2024-2759/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2024/04/CVE-2024-2759/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper access control in Apaczka plugin for PrestaShop",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2024-2759",
"datePublished": "2024-04-04T13:23:57.114Z",
"dateReserved": "2024-03-21T13:13:33.707Z",
"dateUpdated": "2024-11-20T17:21:20.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27894 (GCVE-0-2024-27894)
Vulnerability from cvelistv5 – Published: 2024-03-12 18:19 – Updated: 2025-02-13 17:47
VLAI
Title
Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying
Summary
The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "file", "http", and "https". When a function is created using this method, the Functions Worker will retrieve the implementation from the URL provided by the user. However, this feature introduces a vulnerability that can be exploited by an attacker to gain unauthorized access to any file that the Pulsar Functions Worker process has permissions to read. This includes reading the process environment which potentially includes sensitive information, such as secrets. Furthermore, an attacker could leverage this vulnerability to use the Pulsar Functions Worker as a proxy to access the content of remote HTTP and HTTPS endpoint URLs. This could also be used to carry out denial of service attacks.
This vulnerability also applies to the Pulsar Broker when it is configured with "functionsWorkerEnabled=true".
This issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0.
2.10 Pulsar Function Worker users should upgrade to at least 2.10.6.
2.11 Pulsar Function Worker users should upgrade to at least 2.11.4.
3.0 Pulsar Function Worker users should upgrade to at least 3.0.3.
3.1 Pulsar Function Worker users should upgrade to at least 3.1.3.
3.2 Pulsar Function Worker users should upgrade to at least 3.2.1.
Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.
The updated versions of Pulsar Functions Worker will, by default, impose restrictions on the creation of functions using URLs. For users who rely on this functionality, the Function Worker configuration provides two configuration keys: "additionalEnabledConnectorUrlPatterns" and "additionalEnabledFunctionsUrlPatterns". These keys allow users to specify a set of URL patterns that are permitted, enabling the creation of functions using URLs that match the defined patterns. This approach ensures that the feature remains available to those who require it, while limiting the potential for unauthorized access and exploitation.
Severity
8.5 (High)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/45cqhgqg8d19ongjw… | mailing-list |
| https://pulsar.apache.org/security/CVE-2024-27894/ | vendor-advisory |
| http://www.openwall.com/lists/oss-security/2024/0… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Pulsar |
Affected:
2.4.0 , < 2.10.6
(semver)
Affected: 2.11.0 , < 2.11.4 (semver) Affected: 3.0.0 , < 3.0.3 (semver) Affected: 3.1.0 , < 3.1.3 (semver) Affected: 3.2.0 , < 3.2.1 (semver) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27894",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-13T16:05:51.769657Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:12.905Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:41:55.869Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread/45cqhgqg8d19ongjw18ypcss8vwh206p"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pulsar.apache.org/security/CVE-2024-27894/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/12/11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Pulsar",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.10.6",
"status": "affected",
"version": "2.4.0",
"versionType": "semver"
},
{
"lessThan": "2.11.4",
"status": "affected",
"version": "2.11.0",
"versionType": "semver"
},
{
"lessThan": "3.0.3",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "3.1.3",
"status": "affected",
"version": "3.1.0",
"versionType": "semver"
},
{
"lessThan": "3.2.1",
"status": "affected",
"version": "3.2.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lari Hotari of StreamNative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function\u0027s implementation is referenced by a URL. The supported URL schemes include \"file\", \"http\", and \"https\". When a function is created using this method, the Functions Worker will retrieve the implementation from the URL provided by the user. However, this feature introduces a vulnerability that can be exploited by an attacker to gain unauthorized access to any file that the Pulsar Functions Worker process has permissions to read. This includes reading the process environment which potentially includes sensitive information, such as secrets. Furthermore, an attacker could leverage this vulnerability to use the Pulsar Functions Worker as a proxy to access the content of remote HTTP and HTTPS endpoint URLs. This could also be used to carry out denial of service attacks.\u003cbr\u003eThis vulnerability also applies to the Pulsar Broker when it is configured with \"functionsWorkerEnabled=true\".\u003cbr\u003e\u003cbr\u003eThis issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. \u003cbr\u003e\u003cbr\u003e2.10 Pulsar Function Worker users should upgrade to at least 2.10.6.\u003cbr\u003e2.11 Pulsar Function Worker users should upgrade to at least 2.11.4.\u003cbr\u003e3.0 Pulsar Function Worker users should upgrade to at least 3.0.3.\u003cbr\u003e3.1 Pulsar Function Worker users should upgrade to at least 3.1.3.\u003cbr\u003e3.2 Pulsar Function Worker users should upgrade to at least 3.2.1.\u003cbr\u003e\u003cbr\u003eUsers operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.\u003cbr\u003e\u003cbr\u003eThe updated versions of Pulsar Functions Worker will, by default, impose restrictions on the creation of functions using URLs. For users who rely on this functionality, the Function Worker configuration provides two configuration keys: \"additionalEnabledConnectorUrlPatterns\" and \"additionalEnabledFunctionsUrlPatterns\". These keys allow users to specify a set of URL patterns that are permitted, enabling the creation of functions using URLs that match the defined patterns. This approach ensures that the feature remains available to those who require it, while limiting the potential for unauthorized access and exploitation."
}
],
"value": "The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function\u0027s implementation is referenced by a URL. The supported URL schemes include \"file\", \"http\", and \"https\". When a function is created using this method, the Functions Worker will retrieve the implementation from the URL provided by the user. However, this feature introduces a vulnerability that can be exploited by an attacker to gain unauthorized access to any file that the Pulsar Functions Worker process has permissions to read. This includes reading the process environment which potentially includes sensitive information, such as secrets. Furthermore, an attacker could leverage this vulnerability to use the Pulsar Functions Worker as a proxy to access the content of remote HTTP and HTTPS endpoint URLs. This could also be used to carry out denial of service attacks.\nThis vulnerability also applies to the Pulsar Broker when it is configured with \"functionsWorkerEnabled=true\".\n\nThis issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. \n\n2.10 Pulsar Function Worker users should upgrade to at least 2.10.6.\n2.11 Pulsar Function Worker users should upgrade to at least 2.11.4.\n3.0 Pulsar Function Worker users should upgrade to at least 3.0.3.\n3.1 Pulsar Function Worker users should upgrade to at least 3.1.3.\n3.2 Pulsar Function Worker users should upgrade to at least 3.2.1.\n\nUsers operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.\n\nThe updated versions of Pulsar Functions Worker will, by default, impose restrictions on the creation of functions using URLs. For users who rely on this functionality, the Function Worker configuration provides two configuration keys: \"additionalEnabledConnectorUrlPatterns\" and \"additionalEnabledFunctionsUrlPatterns\". These keys allow users to specify a set of URL patterns that are permitted, enabling the creation of functions using URLs that match the defined patterns. This approach ensures that the feature remains available to those who require it, while limiting the potential for unauthorized access and exploitation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T17:09:31.832Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread/45cqhgqg8d19ongjw18ypcss8vwh206p"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://pulsar.apache.org/security/CVE-2024-27894/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/12/11"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-27894",
"datePublished": "2024-03-12T18:19:41.084Z",
"dateReserved": "2024-02-26T21:19:23.344Z",
"dateUpdated": "2025-02-13T17:47:12.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31141 (GCVE-0-2024-31141)
Vulnerability from cvelistv5 – Published: 2024-11-19 08:40 – Updated: 2025-01-31 15:02
VLAI
Title
Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider
Summary
Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients.
Apache Kafka Clients accept configuration data for customizing behavior, and includes ConfigProvider plugins in order to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider implementations which include the ability to read from disk or environment variables.
In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use these ConfigProviders to read arbitrary contents of the disk and environment variables.
In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment access, which may be undesirable in certain environments, including SaaS products.
This issue affects Apache Kafka Clients: from 2.3.0 through 3.5.2, 3.6.2, 3.7.0.
Users with affected applications are recommended to upgrade kafka-clients to version >=3.8.0, and set the JVM system property "org.apache.kafka.automatic.config.providers=none".
Users of Kafka Connect with one of the listed ConfigProvider implementations specified in their worker config are also recommended to add appropriate "allowlist.pattern" and "allowed.paths" to restrict their operation to appropriate bounds.
For users of Kafka Clients or Kafka Connect in environments that trust users with disk and environment variable access, it is not recommended to set the system property.
For users of the Kafka Broker, Kafka MirrorMaker 2.0, Kafka Streams, and Kafka command-line tools, it is not recommended to set the system property.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/9whdzfr0zwdhr3646… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Kafka Clients |
Affected:
2.3.0 , ≤ 3.5.2
(semver)
Affected: 3.6.0 , ≤ 3.6.2 (semver) Affected: 3.7.0 (semver) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-01-31T15:02:44.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/11/18/5"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250131-0001/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T14:14:13.118831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T14:15:34.254Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.kafka:kafka-clients",
"product": "Apache Kafka Clients",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "3.5.2",
"status": "affected",
"version": "2.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.6.2",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "3.7.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Greg Harris"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Mickael Maison"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Chris Egerton"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients.\u003cbr\u003e\u003cbr\u003eApache Kafka Clients accept configuration data for customizing behavior, and includes ConfigProvider plugins in order to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider implementations which include the ability to read from disk or environment variables.\u003cbr\u003eIn applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use these ConfigProviders to read arbitrary contents of the disk and environment variables.\u003cbr\u003e\u003cbr\u003eIn particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment access, which may be undesirable in certain environments, including SaaS products.\u003cbr\u003e\u003cp\u003eThis issue affects Apache Kafka Clients: from 2.3.0 through 3.5.2, 3.6.2, 3.7.0.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers with affected applications are recommended to upgrade kafka-clients to version \u0026gt;=3.8.0, and set the JVM system property \"org.apache.kafka.automatic.config.providers=none\".\u003cbr\u003eUsers of Kafka Connect with one of the listed ConfigProvider implementations specified in their worker config are also recommended to add appropriate \"allowlist.pattern\" and \"allowed.paths\" to restrict their operation to appropriate bounds.\u003cbr\u003e\u003c/p\u003eFor users of Kafka Clients or Kafka Connect in environments that trust users with disk and environment variable access, it is not recommended to set the system property.\u003cbr\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eFor users of the Kafka Broker, Kafka MirrorMaker 2.0, Kafka Streams, and Kafka command-line tools, it is not recommended to set the system property.\u003cbr\u003e\u003c/span\u003e"
}
],
"value": "Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients.\n\nApache Kafka Clients accept configuration data for customizing behavior, and includes ConfigProvider plugins in order to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider implementations which include the ability to read from disk or environment variables.\nIn applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use these ConfigProviders to read arbitrary contents of the disk and environment variables.\n\nIn particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment access, which may be undesirable in certain environments, including SaaS products.\nThis issue affects Apache Kafka Clients: from 2.3.0 through 3.5.2, 3.6.2, 3.7.0.\n\n\nUsers with affected applications are recommended to upgrade kafka-clients to version \u003e=3.8.0, and set the JVM system property \"org.apache.kafka.automatic.config.providers=none\".\nUsers of Kafka Connect with one of the listed ConfigProvider implementations specified in their worker config are also recommended to add appropriate \"allowlist.pattern\" and \"allowed.paths\" to restrict their operation to appropriate bounds.\n\n\nFor users of Kafka Clients or Kafka Connect in environments that trust users with disk and environment variable access, it is not recommended to set the system property.\nFor users of the Kafka Broker, Kafka MirrorMaker 2.0, Kafka Streams, and Kafka command-line tools, it is not recommended to set the system property."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T08:40:50.695Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/9whdzfr0zwdhr364604w5ssnzmg4v2lv"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-31141",
"datePublished": "2024-11-19T08:40:50.695Z",
"dateReserved": "2024-03-28T16:57:34.016Z",
"dateUpdated": "2025-01-31T15:02:44.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34066 (GCVE-0-2024-34066)
Vulnerability from cvelistv5 – Published: 2024-05-03 17:42 – Updated: 2024-08-02 02:42
VLAI
Title
Arbitrary File Write/Read in Pterodactyl wings
Summary
Pterodactyl wings is the server control plane for Pterodactyl Panel. If the Wings token is leaked either by viewing the node configuration or posting it accidentally somewhere, an attacker can use it to gain arbitrary file write and read access on the node the token is associated to. This issue has been addressed in version 1.11.12 and users are advised to upgrade. Users unable to upgrade may enable the `ignore_panel_config_updates` option as a workaround.
Severity
8.5 (High)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/pterodactyl/wings/security/adv… | x_refsource_CONFIRM |
| https://github.com/pterodactyl/wings/commit/5415f… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| pterodactyl | wings |
Affected:
< 1.11.12
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pterodactyl:wings:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wings",
"vendor": "pterodactyl",
"versions": [
{
"lessThan": "1.11.12",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34066",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T20:26:38.404132Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:42:52.402Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:42:59.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/pterodactyl/wings/security/advisories/GHSA-gqmf-jqgv-v8fw",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pterodactyl/wings/security/advisories/GHSA-gqmf-jqgv-v8fw"
},
{
"name": "https://github.com/pterodactyl/wings/commit/5415f8ae07f533623bd8169836dd7e0b933964de",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pterodactyl/wings/commit/5415f8ae07f533623bd8169836dd7e0b933964de"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wings",
"vendor": "pterodactyl",
"versions": [
{
"status": "affected",
"version": "\u003c 1.11.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pterodactyl wings is the server control plane for Pterodactyl Panel. If the Wings token is leaked either by viewing the node configuration or posting it accidentally somewhere, an attacker can use it to gain arbitrary file write and read access on the node the token is associated to. This issue has been addressed in version 1.11.12 and users are advised to upgrade. Users unable to upgrade may enable the `ignore_panel_config_updates` option as a workaround."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552: Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T17:42:12.412Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pterodactyl/wings/security/advisories/GHSA-gqmf-jqgv-v8fw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pterodactyl/wings/security/advisories/GHSA-gqmf-jqgv-v8fw"
},
{
"name": "https://github.com/pterodactyl/wings/commit/5415f8ae07f533623bd8169836dd7e0b933964de",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pterodactyl/wings/commit/5415f8ae07f533623bd8169836dd7e0b933964de"
}
],
"source": {
"advisory": "GHSA-gqmf-jqgv-v8fw",
"discovery": "UNKNOWN"
},
"title": "Arbitrary File Write/Read in Pterodactyl wings"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-34066",
"datePublished": "2024-05-03T17:42:12.412Z",
"dateReserved": "2024-04-30T06:56:33.381Z",
"dateUpdated": "2024-08-02T02:42:59.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35183 (GCVE-0-2024-35183)
Vulnerability from cvelistv5 – Published: 2024-05-15 21:24 – Updated: 2024-08-02 03:07
VLAI
Title
wolfictl leaks GitHub tokens to remote non-GitHub git servers
Summary
wolfictl is a command line tool for working with Wolfi. A git authentication issue in versions prior to 0.16.10 allows a local user’s GitHub token to be sent to remote servers other than `github.com`. Most git-dependent functionality in wolfictl relies on its own `git` package, which contains centralized logic for implementing interactions with git repositories. Some of this functionality requires authentication in order to access private repositories. A central function `GetGitAuth` looks for a GitHub token in the environment variable `GITHUB_TOKEN` and returns it as an HTTP basic auth object to be used with the `github.com/go-git/go-git/v5` library. Most callers (direct or indirect) of `GetGitAuth` use the token to authenticate to github.com only; however, in some cases callers were passing this authentication without checking that the remote git repository was hosted on github.com. This behavior has existed in one form or another since commit 0d06e1578300327c212dda26a5ab31d09352b9d0 - committed January 25, 2023. This impacts anyone who ran the `wolfictl check update` commands with a Melange configuration that included a `git-checkout` directive step that referenced a git repository not hosted on github.com. This also impacts anyone who ran `wolfictl update <url>` with a remote URL outside of github.com. Additionally, these subcommands must have run with the `GITHUB_TOKEN` environment variable set to a valid GitHub token. Users should upgrade to version 0.16.10 to receive a patch.
Severity
4.4 (Medium)
CWE
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/wolfi-dev/wolfictl/security/ad… | x_refsource_CONFIRM |
| https://github.com/wolfi-dev/wolfictl/commit/0d06… | x_refsource_MISC |
| https://github.com/wolfi-dev/wolfictl/commit/403e… | x_refsource_MISC |
| https://github.com/wolfi-dev/wolfictl/blob/488b53… | x_refsource_MISC |
| https://github.com/wolfi-dev/wolfictl/blob/4dd6c9… | x_refsource_MISC |
| https://github.com/wolfi-dev/wolfictl/blob/6d9990… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:wolfi-dev:wolfictl:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wolfictl",
"vendor": "wolfi-dev",
"versions": [
{
"lessThan": "0.16.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35183",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-16T18:04:34.704368Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:34.370Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/wolfi-dev/wolfictl/security/advisories/GHSA-8fg7-hp93-qhvr",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/wolfi-dev/wolfictl/security/advisories/GHSA-8fg7-hp93-qhvr"
},
{
"name": "https://github.com/wolfi-dev/wolfictl/commit/0d06e1578300327c212dda26a5ab31d09352b9d0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wolfi-dev/wolfictl/commit/0d06e1578300327c212dda26a5ab31d09352b9d0"
},
{
"name": "https://github.com/wolfi-dev/wolfictl/commit/403e93569f46766b4e26e06cf9cd0cae5ee0c2a2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wolfi-dev/wolfictl/commit/403e93569f46766b4e26e06cf9cd0cae5ee0c2a2"
},
{
"name": "https://github.com/wolfi-dev/wolfictl/blob/488b53823350caa706de3f01ec0eded9350c7da7/pkg/update/update.go#L143",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wolfi-dev/wolfictl/blob/488b53823350caa706de3f01ec0eded9350c7da7/pkg/update/update.go#L143"
},
{
"name": "https://github.com/wolfi-dev/wolfictl/blob/4dd6c95abb4bc0f9306350a8601057bd7a92bded/pkg/update/deps/cleanup.go#L49",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wolfi-dev/wolfictl/blob/4dd6c95abb4bc0f9306350a8601057bd7a92bded/pkg/update/deps/cleanup.go#L49"
},
{
"name": "https://github.com/wolfi-dev/wolfictl/blob/6d99909f7b1aa23f732d84dad054b02a61f530e6/pkg/git/git.go#L22",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wolfi-dev/wolfictl/blob/6d99909f7b1aa23f732d84dad054b02a61f530e6/pkg/git/git.go#L22"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wolfictl",
"vendor": "wolfi-dev",
"versions": [
{
"status": "affected",
"version": "\u003c 0.16.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "wolfictl is a command line tool for working with Wolfi. A git authentication issue in versions prior to 0.16.10 allows a local user\u2019s GitHub token to be sent to remote servers other than `github.com`. Most git-dependent functionality in wolfictl relies on its own `git` package, which contains centralized logic for implementing interactions with git repositories. Some of this functionality requires authentication in order to access private repositories. A central function `GetGitAuth` looks for a GitHub token in the environment variable `GITHUB_TOKEN` and returns it as an HTTP basic auth object to be used with the `github.com/go-git/go-git/v5` library. Most callers (direct or indirect) of `GetGitAuth` use the token to authenticate to github.com only; however, in some cases callers were passing this authentication without checking that the remote git repository was hosted on github.com. This behavior has existed in one form or another since commit 0d06e1578300327c212dda26a5ab31d09352b9d0 - committed January 25, 2023. This impacts anyone who ran the `wolfictl check update` commands with a Melange configuration that included a `git-checkout` directive step that referenced a git repository not hosted on github.com. This also impacts anyone who ran `wolfictl update \u003curl\u003e` with a remote URL outside of github.com. Additionally, these subcommands must have run with the `GITHUB_TOKEN` environment variable set to a valid GitHub token. Users should upgrade to version 0.16.10 to receive a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552: Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-15T21:24:23.656Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/wolfi-dev/wolfictl/security/advisories/GHSA-8fg7-hp93-qhvr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wolfi-dev/wolfictl/security/advisories/GHSA-8fg7-hp93-qhvr"
},
{
"name": "https://github.com/wolfi-dev/wolfictl/commit/0d06e1578300327c212dda26a5ab31d09352b9d0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wolfi-dev/wolfictl/commit/0d06e1578300327c212dda26a5ab31d09352b9d0"
},
{
"name": "https://github.com/wolfi-dev/wolfictl/commit/403e93569f46766b4e26e06cf9cd0cae5ee0c2a2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wolfi-dev/wolfictl/commit/403e93569f46766b4e26e06cf9cd0cae5ee0c2a2"
},
{
"name": "https://github.com/wolfi-dev/wolfictl/blob/488b53823350caa706de3f01ec0eded9350c7da7/pkg/update/update.go#L143",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wolfi-dev/wolfictl/blob/488b53823350caa706de3f01ec0eded9350c7da7/pkg/update/update.go#L143"
},
{
"name": "https://github.com/wolfi-dev/wolfictl/blob/4dd6c95abb4bc0f9306350a8601057bd7a92bded/pkg/update/deps/cleanup.go#L49",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wolfi-dev/wolfictl/blob/4dd6c95abb4bc0f9306350a8601057bd7a92bded/pkg/update/deps/cleanup.go#L49"
},
{
"name": "https://github.com/wolfi-dev/wolfictl/blob/6d99909f7b1aa23f732d84dad054b02a61f530e6/pkg/git/git.go#L22",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wolfi-dev/wolfictl/blob/6d99909f7b1aa23f732d84dad054b02a61f530e6/pkg/git/git.go#L22"
}
],
"source": {
"advisory": "GHSA-8fg7-hp93-qhvr",
"discovery": "UNKNOWN"
},
"title": "wolfictl leaks GitHub tokens to remote non-GitHub git servers"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-35183",
"datePublished": "2024-05-15T21:24:23.656Z",
"dateReserved": "2024-05-10T14:24:24.339Z",
"dateUpdated": "2024-08-02T03:07:46.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38429 (GCVE-0-2024-38429)
Vulnerability from cvelistv5 – Published: 2024-07-30 08:45 – Updated: 2024-08-02 04:12
VLAI
Title
Matrix - CWE-552: Files or Directories Accessible to External Parties
Summary
Matrix Tafnit v8
- CWE-552: Files or Directories Accessible to External Parties
Severity
7.5 (High)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
1 reference
Impacted products
Date Public
2024-07-30 08:28
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:matrixglobalservices:tafnit:8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tafnit",
"vendor": "matrixglobalservices",
"versions": [
{
"lessThan": "8.4.202",
"status": "affected",
"version": "8.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38429",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-30T19:35:15.171307Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T19:35:19.923Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:24.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Tafnit v8",
"vendor": "Matrix",
"versions": [
{
"lessThan": "8.4.202",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gad Abuhatziera, Nimrod Bickels, Itay Cherdman - Sophtix Security LTD"
}
],
"datePublic": "2024-07-30T08:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMatrix\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eTafnit v8\u003c/span\u003e\n\n - \u0026nbsp;CWE-552: Files or Directories Accessible to External Parties\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Matrix\u00a0Tafnit v8\n\n - \u00a0CWE-552: Files or Directories Accessible to External Parties"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T08:53:56.083Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpgrade to version 8.4.202 or greater. Use \"File Streamer\" option\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Upgrade to version 8.4.202 or greater. Use \"File Streamer\" option"
}
],
"source": {
"advisory": "ILVN-2024-0167",
"discovery": "UNKNOWN"
},
"title": "Matrix - CWE-552: Files or Directories Accessible to External Parties",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2024-38429",
"datePublished": "2024-07-30T08:45:17.371Z",
"dateReserved": "2024-06-16T08:00:52.285Z",
"dateUpdated": "2024-08-02T04:12:24.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38876 (GCVE-0-2024-38876)
Vulnerability from cvelistv5 – Published: 2024-08-02 10:36 – Updated: 2025-11-03 21:55
VLAI
Summary
A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected application regularly executes user modifiable code as a privileged user. This could allow a local authenticated attacker to execute arbitrary code with elevated privileges.
Severity
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
1 reference
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | Omnivise T3000 Application Server R9.2 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Omnivise T3000 Domain Controller R9.2 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Omnivise T3000 Product Data Management (PDM) R9.2 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Omnivise T3000 R8.2 SP3 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Omnivise T3000 R8.2 SP4 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Omnivise T3000 Terminal Server R9.2 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Omnivise T3000 Thin Client R9.2 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Omnivise T3000 Whitelisting Server R9.2 |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:siemens:omnivise_t3000_application_server_r9.2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "omnivise_t3000_application_server_r9.2",
"vendor": "siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:siemens:omnivise_t3000_domain_controller_r9.2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "omnivise_t3000_domain_controller_r9.2",
"vendor": "siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:siemens:omnivise_t3000_product_data_management_r9.2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "omnivise_t3000_product_data_management_r9.2",
"vendor": "siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:siemens:omnivise_t3000_r8.2_sp3:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "omnivise_t3000_r8.2_sp3",
"vendor": "siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:siemens:omnivise_t3000_r82_sp4:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "omnivise_t3000_r82_sp4",
"vendor": "siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:siemens:omnivise_t3000_terminal_server_r9.2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "omnivise_t3000_terminal_server_r9.2",
"vendor": "siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:siemens:omnivise_t3000_thin_client_r9.2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "omnivise_t3000_thin_client_r9.2",
"vendor": "siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:siemens:omnivise_t3000_whitelisting_server_r9.2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "omnivise_t3000_whitelisting_server_r9.2",
"vendor": "siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38876",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T14:21:31.609941Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T20:14:54.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:55:53.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Nov/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Omnivise T3000 Application Server R9.2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Omnivise T3000 Domain Controller R9.2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Omnivise T3000 Product Data Management (PDM) R9.2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Omnivise T3000 R8.2 SP3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Omnivise T3000 R8.2 SP4",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Omnivise T3000 Terminal Server R9.2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Omnivise T3000 Thin Client R9.2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Omnivise T3000 Whitelisting Server R9.2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected application regularly executes user modifiable code as a privileged user. This could allow a local authenticated attacker to execute arbitrary code with elevated privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552: Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T07:54:12.401Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-857368.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-38876",
"datePublished": "2024-08-02T10:36:16.928Z",
"dateReserved": "2024-06-21T08:28:10.677Z",
"dateUpdated": "2025-11-03T21:55:53.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-3913 (GCVE-0-2024-3913)
Vulnerability from cvelistv5 – Published: 2024-08-13 12:30 – Updated: 2025-01-29 06:04
VLAI
Title
Phoenix Contact: Start sequence allows attack during the boot process
Summary
An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup.
Severity
5.9 (Medium)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Phoenix Contact | CHARX SEC-3000 (1139022) |
Affected:
0.0.0 , < 1.7.0
(semver)
|
|
| Phoenix Contact | CHARX SEC-3050 (1139018) |
Affected:
0.0.0 , < 1.7.0
(semver)
|
|
| Phoenix Contact | CHARX SEC-3100 (1139012) |
Affected:
0.0.0 , < 1.7.0
(semver)
|
|
| Phoenix Contact | CHARX SEC-3150 (1139012) |
Affected:
0.0.0 , < 1.7.0
(semver)
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phoenixcontact:charx_sec_3000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "charx_sec_3000",
"vendor": "phoenixcontact",
"versions": [
{
"lessThan": "1.7.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:phoenixcontact:charx_sec_3050:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "charx_sec_3050",
"vendor": "phoenixcontact",
"versions": [
{
"lessThan": "1.7.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:phoenixcontact:charx_sec_3100:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "charx_sec_3100",
"vendor": "phoenixcontact",
"versions": [
{
"lessThan": "1.7.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:phoenixcontact:charx_sec_3150:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "charx_sec_3150",
"vendor": "phoenixcontact",
"versions": [
{
"lessThan": "1.7.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3913",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T13:48:51.878463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T13:56:57.855Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CHARX SEC-3000 (1139022)",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "1.7.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CHARX SEC-3050 (1139018)",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "1.7.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CHARX SEC-3100 (1139012)",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "1.7.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CHARX SEC-3150 (1139012)",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "1.7.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Alex Olson, \"gadha\""
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Trend Micro\u0027s Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T06:04:51.452Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-022"
}
],
"source": {
"advisory": "VDE-2024-022",
"defect": [
"CERT@VDE#641622"
],
"discovery": "UNKNOWN"
},
"title": "Phoenix Contact: Start sequence allows attack during the boot process",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-3913",
"datePublished": "2024-08-13T12:30:33.535Z",
"dateReserved": "2024-04-17T07:09:02.592Z",
"dateUpdated": "2025-01-29T06:04:51.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39581 (GCVE-0-2024-39581)
Vulnerability from cvelistv5 – Published: 2024-09-10 08:49 – Updated: 2024-09-10 13:18
VLAI
Summary
Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a File or Directories Accessible to External Parties vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to read, modify, and delete arbitrary files.
Severity
7.3 (High)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022841… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | PowerScale InsightIQ |
Affected:
5.0 , ≤ 5.1
(semver)
|
Date Public
2024-09-09 06:30
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dell:powerscale_insightiq:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "powerscale_insightiq",
"vendor": "dell",
"versions": [
{
"lessThanOrEqual": "5.1",
"status": "affected",
"version": "5.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39581",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:10:59.735072Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T13:18:42.264Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerScale InsightIQ",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "5.1",
"status": "affected",
"version": "5.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-09-09T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a File or Directories Accessible to External Parties vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to read, modify, and delete arbitrary files."
}
],
"value": "Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a File or Directories Accessible to External Parties vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to read, modify, and delete arbitrary files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552: Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T08:49:57.279Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000228412/dsa-2024-360-security-update-for-dell-powerscale-insightiq-for-multiple-security-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-39581",
"datePublished": "2024-09-10T08:49:57.279Z",
"dateReserved": "2024-06-26T02:14:30.867Z",
"dateUpdated": "2024-09-10T13:18:42.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phases: Implementation, System Configuration, Operation
Description:
- When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.
CAPEC-150: Collect Data from Common Resource Locations
An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.
CAPEC-639: Probe System Files
An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.