VULNRICHMENT:CVE-2024-47531 (vulnrichment, GitHub_M)
History: Sep 30, 2024 - 3:26 p.m.

CVE-2024-47531 Scout contains insufficient output escaping of attachment names

2024-09-30 15:26:49
CWE-116
GitHub_M
github.com
3
scout
vcf
visualizer
malicious file
download
vulnerability

CVSS3: 4.6

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

AI Score: 7.2
Confidence: Low

EPSS: 0
Percentile: 9.6%

SSVC

Exploitation: poc
Automatable: no
Technical Impact: partial

Scout is a web-based visualizer for VCF files. Due to the lack of sanitization of the filename, it is possible to bypass the intended file extension and make users download malicious files with any extension. If malicious content is injected into the file data and users unknowingly download and open the file, this may lead to the compromise of users' devices or data. This vulnerability is fixed in 4.89.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:clinical-genomics:scout:-:*:*:*:*:*:*:*"
    ],
    "vendor": "clinical-genomics",
    "product": "scout",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "4.88.1"
      }
    ],
    "defaultStatus": "unknown"
  }
]

