Lucene search

MitreCVELIST:CVE-2024-39937

HistoryJul 04, 2024 - 12:00 a.m.

CVE-2024-39937

2024-07-0400:00:00

mitre

www.cve.org

supos 5.0

directory traversal

vulnerability

api/image/download

filename

reading files

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

38.8%

JSON

supOS 5.0 allows api/image/download?fileName=…/ directory traversal for reading files.

References

github.com/bytehunter-rat/supOS-BUG/blob/main/supOSDirectoryTraversal.md

www.supos.com/supOSindex

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

38.8%

JSON

Related for CVELIST:CVE-2024-39937