CVE-2024-36079

1976-01-0100:00:00

mitre

github.com

AI Score

6.8

Confidence

Low

SSVC

Exploitation

poc

Automatable

Technical Impact

partial

JSON

An issue was discovered in Vaultize 21.07.27. When uploading files, there is no check that the filename parameter is correct. As a result, a temporary file will be created outside the specified directory when the file is downloaded. To exploit this, an authenticated user would upload a file with an incorrect file name, and then download it.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:vaultize:drm:21.07.27:*:*:*:*:*:*:*"
    ],
    "vendor": "vaultize",
    "product": "drm",
    "versions": [
      {
        "status": "affected",
        "version": "21.07.27"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

github.com/DxRvs/vaultize_CVE-2024-36079