cve/2024/CVE-2024-2045.md

### [CVE-2024-2045](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2045)
![](https://img.shields.io/static/v1?label=Product&message=Session&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%201.17.5%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)

### Description

Session version 1.17.5 allows obtaining internal application files and publicfiles from the user's device without the user's consent. This is possiblebecause the application is vulnerable to Local File Read via chat attachments.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2024-2045](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2045)`
			`![](https://img.shields.io/static/v1?label=Product&message=Session&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3D%201.17.5%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)`

			`### Description`

			`Session version 1.17.5 allows obtaining internal application files and publicfiles from the user's device without the user's consent. This is possiblebecause the application is vulnerable to Local File Read via chat attachments.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/fkie-cad/nvd-json-data-feeds`