{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-4836", "ASSIGNER": "cvd@cert.pl", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data because they allow an unauthenticated user to download configuration files.\nThe issue in versions 3.5 - 3.25 was removed in releases dated from 10th of January 2014. Higher versions were never affected." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-552 Files or Directories Accessible to External Parties", "cweId": "CWE-552" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Edito", "product": { "product_data": [ { "product_name": "Edito CMS", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "versions": [ { "changes": [ { "at": "patch 10.01.2014", "status": "unaffected" } ], "lessThanOrEqual": "3.25", "status": "affected", "version": "3.5", "versionType": "semver" } ], "defaultStatus": "unaffected" } } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://www.edito.pl/", "refsource": "MISC", "name": "https://www.edito.pl/" }, { "url": "https://cert.pl/en/posts/2024/07/CVE-2024-4836", "refsource": "MISC", "name": "https://cert.pl/en/posts/2024/07/CVE-2024-4836" }, { "url": "https://cert.pl/posts/2024/07/CVE-2024-4836", "refsource": "MISC", "name": "https://cert.pl/posts/2024/07/CVE-2024-4836" } ] }, "generator": { "engine": "Vulnogram 0.1.0-dev" }, "source": { "discovery": "UNKNOWN" }, "work_around": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "It is possible to disable access to sensitive files by using a modified configuration template provided by the vendor. \n" } ], "value": "It is possible to disable access to sensitive files by using a modified configuration template provided by the vendor." } ], "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } ] } }