CVE-2024-3707 (GCVE-0-2024-3707)

Vulnerability from cvelistv5 – Published: 2024-04-12 13:52 – Updated: 2024-08-09 15:39
Title
Exposure of Information Through Directory Listing vulnerability in OpenGnsys
Summary
Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file.
CWE
  • CWE-548 - Exposure of Information Through Directory Listing
Assigner
Impacted products
Vendor: OpenGnsys
Product: OpenGnsys
Version: 1.1.1d (affected)
Credits
Pedro Gabaldón Julá, Javier Medina Munuera, Antonio José Gálvez Sánchez

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:20:01.142Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://opengnsys.es/web/parche-de-seguridad-cve-2024-370x"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:opengnsys:opengnsys:1.1.1d:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "opengnsys",
            "vendor": "opengnsys",
            "versions": [
              {
                "status": "affected",
                "version": "1.1.1d"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3707",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-15T14:15:58.308159Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-09T15:39:49.388Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenGnsys",
          "vendor": "OpenGnsys",
          "versions": [
            {
              "status": "affected",
              "version": "1.1.1d"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Pedro Gabald\u00f3n Jul\u00e1"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Javier Medina Munuera"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Antonio Jos\u00e9 G\u00e1lvez S\u00e1nchez"
        }
      ],
      "datePublic": "2024-04-12T10:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file."
            }
          ],
          "value": "Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-548",
              "description": "CWE-548: Exposure of Information Through Directory Listing",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-05T12:48:24.659Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys"
        },
        {
          "url": "https://opengnsys.es/web/parche-de-seguridad-cve-2024-370x"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The OpenGnsys development team has released a security patch that resolves the reported vulnerabilities. These fixes will be included in the next version to be released shortly."
            }
          ],
          "value": "The OpenGnsys development team has released a security patch that resolves the reported vulnerabilities. These fixes will be included in the next version to be released shortly."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Exposure of Information Through Directory Listing vulnerability in OpenGnsys",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2024-3707",
    "datePublished": "2024-04-12T13:52:30.361Z",
    "dateReserved": "2024-04-12T10:44:54.894Z",
    "dateUpdated": "2024-08-09T15:39:49.388Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de exposici\\u00f3n de informaci\\u00f3n en OpenGnsys que afecta a la versi\\u00f3n 1.1.1d (Espeto). Esta vulnerabilidad permite a un atacante enumerar todos los archivos en el \\u00e1rbol web accediendo a un archivo php.\"}]",
      "id": "CVE-2024-3707",
      "lastModified": "2024-11-21T09:30:13.203",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"cve-coordination@incibe.es\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}]}",
      "published": "2024-04-12T14:15:09.383",
      "references": "[{\"url\": \"https://opengnsys.es/web/parche-de-seguridad-cve-2024-370x\", \"source\": \"cve-coordination@incibe.es\"}, {\"url\": \"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys\", \"source\": \"cve-coordination@incibe.es\"}, {\"url\": \"https://opengnsys.es/web/parche-de-seguridad-cve-2024-370x\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve-coordination@incibe.es",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"cve-coordination@incibe.es\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-548\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-3707\",\"sourceIdentifier\":\"cve-coordination@incibe.es\",\"published\":\"2024-04-12T14:15:09.383\",\"lastModified\":\"2025-11-04T18:13:35.600\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de exposici\u00f3n de informaci\u00f3n en OpenGnsys que afecta a la versi\u00f3n 1.1.1d (Espeto). Esta vulnerabilidad permite a un atacante enumerar todos los archivos en el \u00e1rbol web accediendo a un archivo php.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve-coordination@incibe.es\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"cve-coordination@incibe.es\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-548\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opengnsys:opengnsys:1.1.1d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01BCA877-074D-4F9B-B82F-6D23F111F9C6\"}]}]}],\"references\":[{\"url\":\"https://opengnsys.es/web/parche-de-seguridad-cve-2024-370x\",\"source\":\"cve-coordination@incibe.es\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys\",\"source\":\"cve-coordination@incibe.es\",\"tags\":[\"Third Party 
Advisory\"]},{\"url\":\"https://opengnsys.es/web/parche-de-seguridad-cve-2024-370x\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://opengnsys.es/web/parche-de-seguridad-cve-2024-370x\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T20:20:01.142Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-3707\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-15T14:15:58.308159Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:opengnsys:opengnsys:1.1.1d:*:*:*:*:*:*:*\"], \"vendor\": \"opengnsys\", \"product\": \"opengnsys\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.1.1d\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-09T15:39:43.840Z\"}}], \"cna\": {\"title\": \"Exposure of Information Through Directory Listing vulnerability in OpenGnsys\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Pedro Gabald\\u00f3n Jul\\u00e1\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Javier Medina Munuera\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Antonio Jos\\u00e9 G\\u00e1lvez S\\u00e1nchez\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", 
\"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"OpenGnsys\", \"product\": \"OpenGnsys\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.1.1d\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The OpenGnsys development team has released a security patch that resolves the reported vulnerabilities. These fixes will be included in the next version to be released shortly.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The OpenGnsys development team has released a security patch that resolves the reported vulnerabilities. These fixes will be included in the next version to be released shortly.\", \"base64\": false}]}], \"datePublic\": \"2024-04-12T10:00:00.000Z\", \"references\": [{\"url\": \"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys\"}, {\"url\": \"https://opengnsys.es/web/parche-de-seguridad-cve-2024-370x\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-548\", \"description\": \"CWE-548: Exposure of Information Through Directory Listing\"}]}], \"providerMetadata\": {\"orgId\": \"0cbda920-cd7f-484a-8e76-bf7f4b7f4516\", \"shortName\": \"INCIBE\", \"dateUpdated\": \"2024-07-05T12:48:24.659Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-3707\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-09T15:39:49.388Z\", \"dateReserved\": \"2024-04-12T10:44:54.894Z\", \"assignerOrgId\": \"0cbda920-cd7f-484a-8e76-bf7f4b7f4516\", \"datePublished\": \"2024-04-12T13:52:30.361Z\", \"assignerShortName\": \"INCIBE\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}







Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

