Lucene search

[email protected]NVD:CVE-2024-37769

HistoryJul 05, 2024 - 4:15 p.m.

CVE-2024-37769

2024-07-0516:15:05

CWE-278

[email protected]

web.nvd.nist.gov

14finger v1.1

insecure permissions

privilege escalation

crafted post request

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

19.5%

JSON

Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request.

Affected configurations

Nvd

Node

b1ackc4t14fingerMatch1.1

VendorProductVersionCPE
b1ackc4t14finger1.1cpe:2.3:a:b1ackc4t:14finger:1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
b1ackc4t	14finger	1.1	cpe:2.3:a:b1ackc4t:14finger:1.1:::::::*

References

github.com/b1ackc4t/14Finger/issues/12

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

19.5%

JSON

Related for NVD:CVE-2024-37769

cvelist1 cve1 osv1 vulnrichment1