{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3318", "assignerOrgId": "2cfc7547-56a0-4049-8b52-c3078e8a8719", "state": "PUBLISHED", "assignerShortName": "SailPoint", "dateReserved": "2024-04-04T16:14:52.704Z", "datePublished": "2024-05-15T15:49:36.094Z", "dateUpdated": "2024-08-01T20:05:08.329Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Identity Security Cloud", "vendor": "SailPoint", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A file path traversal vulnerability was identified in the </span><em>DelimitedFileConnector </em><span style=\"background-color: rgb(255, 255, 255);\">Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the \u201cfile\u201c attribute, </span><span style=\"background-color: rgb(255, 255, 255);\">which in turn allowed the user to access files uploaded for other sources.</span>\n\n"}], "value": "A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the \u201cfile\u201c attribute, which in turn allowed the user to access files uploaded for other sources."}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2cfc7547-56a0-4049-8b52-c3078e8a8719", "shortName": "SailPoint", "dateUpdated": "2024-05-15T15:49:36.094Z"}, "references": [{"url": "https://www.sailpoint.com/security-advisories/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">This issue has been resolved. No further action is needed.</span>\n\n<br>"}], "value": "This issue has been resolved. No further action is needed."}], "source": {"discovery": "UNKNOWN"}, "title": "SailPoint Identity Security Cloud Connector File Path Traversal Vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-19T16:30:56.909490Z", "id": "CVE-2024-3318", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-19T21:15:09.608Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:05:08.329Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.sailpoint.com/security-advisories/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.sailpoint.com/security-advisories/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:05:08.329Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3318", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-19T16:30:56.909490Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-19T16:31:29.895Z"}}], "cna": {"title": "SailPoint Identity Security Cloud Connector File Path Traversal Vulnerability", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SailPoint", "product": "Identity Security Cloud", "versions": [{"status": "affected", "version": "n/a"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "This issue has been resolved. No further action is needed.", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">This issue has been resolved. No further action is needed.</span>\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.sailpoint.com/security-advisories/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the \u201cfile\u201c attribute, which in turn allowed the user to access files uploaded for other sources.", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A file path traversal vulnerability was identified in the </span><em>DelimitedFileConnector </em><span style=\"background-color: rgb(255, 255, 255);\">Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the \u201cfile\u201c attribute, </span><span style=\"background-color: rgb(255, 255, 255);\">which in turn allowed the user to access files uploaded for other sources.</span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "2cfc7547-56a0-4049-8b52-c3078e8a8719", "shortName": "SailPoint", "dateUpdated": "2024-05-15T15:49:36.094Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3318", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:05:08.329Z", "dateReserved": "2024-04-04T16:14:52.704Z", "assignerOrgId": "2cfc7547-56a0-4049-8b52-c3078e8a8719", "datePublished": "2024-05-15T15:49:36.094Z", "assignerShortName": "SailPoint"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the \u201cfile\u201c attribute, which in turn allowed the user to access files uploaded for other sources."}], "id": "CVE-2024-3318", "lastModified": "2024-05-15T16:40:19.330", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 3.6, "source": "psirt@sailpoint.com", "type": "Secondary"}]}, "published": "2024-05-15T16:15:10.963", "references": [{"source": "psirt@sailpoint.com", "url": "https://www.sailpoint.com/security-advisories/"}], "sourceIdentifier": "psirt@sailpoint.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "psirt@sailpoint.com", "type": "Secondary"}]}

{}