
{
"id": "CVE-2024-54452",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-27T20:15:23.557",
"lastModified": "2024-12-28T19:15:07.570",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35 and 7.10.x through 7.10.0.18. A Directory Traversal and Local File Inclusion vulnerability in the logsSys.do page allows remote attackers (authenticated as administrators) to trigger the display of unintended files. Any file accessible to the Kurmi user account could be displayed, e.g., configuration files with information such as the database password."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Kurmi Provisioning Suite anterior a la versi\u00f3n 7.9.0.35 y de la versi\u00f3n 7.10.x a la 7.10.0.18. Una vulnerabilidad de inclusi\u00f3n de archivos locales y directory traversal en la p\u00e1gina logsSys.do permite a atacantes remotos (autenticados como administradores) activar la visualizaci\u00f3n de archivos no deseados. Se podr\u00eda mostrar cualquier archivo al que tenga acceso la cuenta de usuario de Kurmi, por ejemplo, archivos de configuraci\u00f3n con informaci\u00f3n como la contrase\u00f1a de la base de datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://kurmi-software.com",
"source": "cve@mitre.org"
},
{
"url": "https://kurmi-software.com/cve/cve-2024-54452/",
"source": "cve@mitre.org"
}
]
}