Lucene search
Veracode Vulnerability DatabaseVERACODE:48260HistoryJul 30, 2024 - 7:21 a.m.
Path Traversal
2024-07-3007:21:06
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
1
tgstation-server
path traversal
low permission
set .dme path
privilege
malicious .dme files
remote code execution
byond's shell() proc
software
CVSS3
8.4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:H
AI Score
7.9
Confidence
Low
tgstation-server is vulnerable to Path Traversal. The vulnerability is due to low permission users with the “Set .dme Path” privilege potentially setting malicious .dme files to be compiled and executed, which can escalate into remote code execution via BYOND’s shell() proc.
Related
vulnrichment
vulnrichment
cve
cve
CVE-2024-41799
2024-07-29 15:15:16
nvd
nvd
CVE-2024-41799
2024-07-29 15:15:16
osv
osv
cvelist
cvelist
CVSS3
8.4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:H
AI Score
7.9
Confidence
Low
Related for VERACODE:48260