CVE-2023-51639

Опубликовано: 22 нояб. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The specific flaw exists within the downloadExportedChart action. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-22361.

Ссылки

https://www.trackplus.com/en/service/release-notes-reader/7-5-1-release-notes-2.html
Release Notes
https://www.zerodayinitiative.com/advisories/ZDI-24-110/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:alltena:allegra:*:*:*:*:*:*:*:*

Версия до 7.5.1 (исключая)

EPSS

Процентиль: 59%

0.00376

Низкий

9.8 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-g8p3-q878-476h

CVSS3: 9.8

github

около 1 года назад

Allegra downloadExportedChart Directory Traversal Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloadExportedChart action. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-22361.

EPSS

Процентиль: 59%

0.00376

Низкий

9.8 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-22