Lucene search
TwcertCVE-2024-6738HistoryJul 15, 2024 - 3:15 a.m.
CVE-2024-6738
2024-07-1503:15:03
CWE-284
twcert
web.nvd.nist.gov
30
tronclass
access control
remote attackers
specific files
url modification
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
5.3
Confidence
High
EPSS
0.001
Percentile
17.3%
The tumbnail API of Tronclass from WisdomGarden lacks proper access control, allowing unauthenticated remote attackers to obtain certain specific files by modifying the URL.
Affected configurations
Node
wisdomgardentronclassRange<1.69.61976
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wisdomgarden | tronclass | * | cpe:2.3:a:wisdomgarden:tronclass:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Tronclass",
"vendor": "WisdomGarden",
"versions": [
{
"lessThan": "1.69.61976",
"status": "affected",
"version": "all",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2024-6738
2024-07-15 03:15:03
vulnrichment
vulnrichment
CVE-2024-6738 WisdomGarden Tronclass - Broken Access Control
2024-07-15 02:50:39
cvelist
cvelist
CVE-2024-6738 WisdomGarden Tronclass - Broken Access Control
2024-07-15 02:50:39
githubexploit
githubexploit
Exploit for Improper Access Control in Wisdomgarden Tronclass
2024-07-15 08:58:22
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
5.3
Confidence
High
EPSS
0.001
Percentile
17.3%
Related for CVE-2024-6738