Lucene search

K
osvGoogleOSV:CVE-2024-35184
HistoryMay 15, 2024 - 10:15 p.m.

CVE-2024-35184

2024-05-1522:15:08
Google
osv.dev
3
paperless-ngx
remote user authentication
api access
patch issue

5.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

Paperless-ngx is a document management system that transforms physical documents into a searchable online archive. Starting in version 2.5.0 and prior to version 2.8.6, remote user authentication allows API access even if API access is explicitly disabled. Version 2.8.6 contains a patchc for the issue.

5.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

Related for OSV:CVE-2024-35184