Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAnonymousZDI-24-780
HistoryJun 18, 2024 - 12:00 a.m.

PaperCut NG upload Link Following Information Disclosure Vulnerability

2024-06-1800:00:00
Anonymous
www.zerodayinitiative.com
4
papercut ng
information disclosure
vulnerability
remote attackers
authentication bypass
upload endpoint
symbolic link
arbitrary files
root disclose

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

28.8%

JSON

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PaperCut NG. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the upload endpoint. By uploading a symbolic link, an attacker can abuse the service to read arbitrary files. An attacker can leverage this vulnerability to disclose information in the context of root.

Related

cvelist 1
prion 1
nvd 1
cve 1
vulnrichment 1
nessus 2
cvelist
cvelist
CVE-2024-1221 Improper access controls on APIs on Linux and macOS in PaperCut NG/MF
2024-03-14 03:01:05
prion
prion
CVE-2024-1221
2024-03-14 22:46:05
nvd
nvd
CVE-2024-1221
2024-03-14 03:15:06
cve
cve
CVE-2024-1221
2024-03-14 03:15:06
vulnrichment
vulnrichment
CVE-2024-1221 Improper access controls on APIs on Linux and macOS in PaperCut NG/MF
2024-03-14 03:01:05
nessus
nessus
PaperCut NG < 20.1.10 / 21.x < 21.2.14 / 22.x < 22.1.5 / 23.x < 23.0.7 Multiple Vulnerabilities
2024-04-15 00:00:00
PaperCut MF < 20.1.10 / 21.x < 21.2.14 / 22.x < 22.1.5 / 23.x < 23.0.7 Multiple Vulnerabilities
2024-04-15 00:00:00

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

28.8%

JSON
Related for ZDI-24-780
cvelist1prion1nvd1cve1vulnrichment1nessus2