FKIE_CVE-2024-3318

Vulnerability from fkie_nvd - Published: 2024-05-15 16:15 - Updated: 2024-11-21 09:29
Severity ?
4.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
Summary
A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the “file“ attribute, which in turn allowed the user to access files uploaded for other sources.
References
psirt@sailpoint.comhttps://www.sailpoint.com/security-advisories/
af854a3a-2127-422b-91ae-364da2661108https://www.sailpoint.com/security-advisories/
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the \u201cfile\u201c attribute, which in turn allowed the user to access files uploaded for other sources."
    },
    {
      "lang": "es",
      "value": "Se identific\u00f3 una vulnerabilidad de path traversal de archivo en el conector en la nube DelimitedFileConnector que permit\u00eda a un administrador autenticado establecer atributos de conector arbitrarios, incluido el atributo \u201carchivo\u201d, lo que a su vez permit\u00eda al usuario acceder a archivos cargados para otras fuentes."
    }
  ],
  "id": "CVE-2024-3318",
  "lastModified": "2024-11-21T09:29:23.120",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 3.6,
        "source": "psirt@sailpoint.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-05-15T16:15:10.963",
  "references": [
    {
      "source": "psirt@sailpoint.com",
      "url": "https://www.sailpoint.com/security-advisories/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.sailpoint.com/security-advisories/"
    }
  ],
  "sourceIdentifier": "psirt@sailpoint.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "psirt@sailpoint.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.