Lucene search

INCIBECVE-2024-9405

HistoryOct 01, 2024 - 12:15 p.m.

CVE-2024-9405

2024-10-0112:15:03

CWE-23

INCIBE

web.nvd.nist.gov

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.8

Confidence

Low

JSON

An incorrect limitation of a path to a restricted directory (path traversal) has been detected in Pluck CMS, affecting version 4.7.18. An unauthenticated attacker could extract sensitive information from the server via the absolute path of a file located in the same directory or subdirectory as the module, but not from recursive directories.

Affected configurations

Vulners

Vulnrichment

Node

pluck_cmspluck_cmsRange≤4.7.18

VendorProductVersionCPE
pluck_cmspluck_cms*cpe:2.3:a:pluck_cms:pluck_cms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pluck_cms	pluck_cms	*	cpe:2.3:a:pluck_cms:pluck_cms::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Pluck CMS",
    "vendor": "Pluck CMS",
    "versions": [
      {
        "status": "affected",
        "version": "4.7.18"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/incorrect-limitation-path-restricted-directory-pluck-cms

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.8

Confidence

Low

JSON

Related for CVE-2024-9405