The Campbell Scientific CSI Web Server supports a command that returns the most recent file matching a given expression. A specially crafted expression can lead to a path traversal vulnerability. Combined with anonymous, unauthenticated access (allowed by default), this command and a specially crafted expression let an attacker reach files and directories outside the web server root directory to which they should be restricted.
MITRE
Status: PUBLISHED
Assigner: icscert
Published: 2024-05-28T18:39:48.285Z
Updated: 2024-08-01T21:11:12.744Z
Reserved: 2024-05-28T13:59:13.434Z
Link: CVE-2024-5433
Vulnrichment
Updated: 2024-08-01T21:11:12.744Z
NVD
Status: Awaiting Analysis
Published: 2024-05-28T19:15:11.500
Modified: 2024-05-29T13:02:09.280
Link: CVE-2024-5433