The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being downloaded.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: twcert
Published: 2024-02-15T02:29:23.672Z
Updated: 2024-08-02T00:07:19.038Z
Reserved: 2024-02-15T01:33:48.679Z
Link: CVE-2024-26261
Vulnrichment
Updated: 2024-08-02T00:07:19.038Z
NVD
Status : Awaiting Analysis
Published: 2024-02-15T03:15:35.083
Modified: 2024-06-28T02:15:03.423
Link: CVE-2024-26261
Redhat
No data.