Lucene search
Veracode Vulnerability DatabaseVERACODE:45128HistoryJan 23, 2024 - 8:08 a.m.
Improper Access Control
2024-01-2308:08:23
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
18
vulnerability
software
access control
filename validation
bypass
file system
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
6.7
Confidence
High
EPSS
0.001
Percentile
28.6%
vite is vulnerable to Improper Access Control. The vulnerability is due to lack of case sensitive filename validation in the dev server. An attacker can bypass file system access validation by entering a case insensitive file name.
Related
osv
osv
CGA-2838-8gg9-p93q
2024-06-06 12:20:47
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem
2024-01-19 21:58:47
CVE-2024-23331
2024-01-19 20:15:14
cgr
cgr
CVE-2024-23331 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2024-23331 vulnerabilities
2024-09-21 03:21:11
prion
prion
Design/Logic Flaw
2024-01-19 20:15:00
cvelist
cvelist
nvd
nvd
CVE-2024-23331
2024-01-19 20:15:14
cve
cve
CVE-2024-23331
2024-01-19 20:15:14
github
github
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
6.7
Confidence
High
EPSS
0.001
Percentile
28.6%
Related for VERACODE:45128