exploitDog

GHSA-r24r-m7ff-ghq2

Опубликовано: 24 июн. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 5.3

Описание

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter.

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter.

Ссылки

EPSS

Процентиль: 48%

0.00252

Низкий

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-200

CWE-22

CWE-400

Связанные уязвимости

CVE-2024-33881

CVSS3: 5.3

nvd

больше 1 года назад

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter.

EPSS

Процентиль: 48%

0.00252

Низкий

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-200

CWE-22

CWE-400