Lucene search

@huntr_aiVULNRICHMENT:CVE-2024-1603

HistoryMar 23, 2024 - 6:24 p.m.

CVE-2024-1603 confirmed

2024-03-2318:24:29

CWE-73

@huntr_ai

github.com

cve-2024-1603

paddlepaddle

arbitrary file read

vulnerability

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

AI Score

Confidence

Low

SSVC

Exploitation

poc

Automatable

yes

Technical Impact

partial

JSON

paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:paddlepaddle:paddle:2.6.0:*:*:*:*:*:*:*"
    ],
    "vendor": "paddlepaddle",
    "product": "paddle",
    "versions": [
      {
        "status": "affected",
        "version": "2.6.0"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

huntr.com/bounties/7739eced-73a3-4a96-afcd-9c753c55929e

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

AI Score

Confidence

Low

SSVC

Exploitation

poc

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-1603