An issue was discovered in Vaultize 21.07.27. When uploading files, there is no check that the filename parameter is correct. As a result, a temporary file will be created outside the specified directory when the file is downloaded. To exploit this, an authenticated user would upload a file with an incorrect file name, and then download it.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/DxRvs/vaultize_CVE-2024-36079 |
History
Tue, 20 Aug 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-22 | |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-20T14:05:36.115Z
Reserved:
Link: CVE-2024-36079
Vulnrichment
Updated: 2024-08-02T03:30:12.957Z
NVD
Status : Awaiting Analysis
Published: 2024-05-24T22:15:08.413
Modified: 2024-08-20T14:35:24.033
Link: CVE-2024-36079
Redhat
No data.