Lucene search

MitreCVE-2024-39937

HistoryJul 04, 2024 - 10:15 p.m.

CVE-2024-39937

2024-07-0422:15:02

CWE-22

mitre

web.nvd.nist.gov

supos 5.0

directory traversal

vulnerability

file reading

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

38.8%

JSON

supOS 5.0 allows api/image/download?fileName=…/ directory traversal for reading files.

Affected configurations

Nvd

Node

supossuposMatch5.0

VendorProductVersionCPE
supossupos5.0cpe:2.3:o:supos:supos:5.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
supos	supos	5.0	cpe:2.3:o:supos:supos:5.0:::::::*

References

github.com/bytehunter-rat/supOS-BUG/blob/main/supOSDirectoryTraversal.md

www.supos.com/supOSindex

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

38.8%

JSON

Related for CVE-2024-39937