Mar 21, 2024 - 2:51 a.m.

CVE-2024-1142

2024-03-21 02:51:36
CWE-22
103e4ec9-0a87-450b-af77-479448ddef11
web.nvd.nist.gov

CVSS3: 5.4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

AI Score: 6.4 Medium (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 10.7%)

Path Traversal in Sonatype IQ Server from version 143 allows remote authenticated attackers to overwrite or delete files via a specially crafted request. Version 171 fixes this issue.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "IQ Server",
    "vendor": "Sonatype",
    "versions": [
      {
        "lessThan": "171",
        "status": "affected",
        "version": "143",
        "versionType": "custom"
      }
    ]
  }
]
