Lucene search

GitHub_MCVELIST:CVE-2024-47071

HistoryOct 01, 2024 - 3:40 p.m.

CVE-2024-47071 OSS Endpoint Manager allows unauthorized access to read system files

2024-10-0115:40:46

CWE-22

GitHub_M

www.cve.org

oss endpoint manager

unauthorized access

system files

freepbx

webserver

vulnerability

fixed

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

JSON

OSS Endpoint Manager is an endpoint manager module for FreePBX. OSS Endpoint Manager module activation can allow authenticated web users unauthorized access to read system files with the permissions of the webserver process. This vulnerability is fixed in 14.0.4.

CNA Affected

[
  {
    "vendor": "FreePBX",
    "product": "security-reporting",
    "versions": [
      {
        "version": "< 14.0.4",
        "status": "affected"
      }
    ]
  }
]

References

github.com/FreePBX-ContributedModules/endpointman/commit/bad70ca3de2166bbd24f273f7f212a8b2c92a719

github.com/FreePBX/security-reporting/security/advisories/GHSA-x9wc-qjrc-j7ww

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

JSON

Related for CVELIST:CVE-2024-47071