exploitDog

CVE-2024-25154

Опубликовано: 13 мар. 2024

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage.

Ссылки

https://filecatalyst.software/public/filecatalyst/Direct/3.8.9.90/whatsnew_direct.html
Release Notes
https://www.fortra.com/security/advisory/fi-2024-003
Vendor Advisory
https://filecatalyst.software/public/filecatalyst/Direct/3.8.9.90/whatsnew_direct.html
Release Notes
https://www.fortra.com/security/advisory/fi-2024-003
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fortra:filecatalyst_direct:*:*:*:*:*:*:*:*

Версия от 3.0.0 (включая) до 3.8.9 (исключая)

EPSS

Процентиль: 52%

0.00293

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-22

CWE-22

Связанные уязвимости

GHSA-fhxr-6q8q-x43m

CVSS3: 5.3

github

почти 2 года назад

Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage.

EPSS

Процентиль: 52%

0.00293

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-22

CWE-22