Logsign Unified SecOps Platform delete_gsuite_key_file Input Validation Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files within sensitive directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability.
The specific flaw exists within the delete_gsuite_key_file endpoint. The issue results from the lack of proper validation of a user-supplied filename prior to using it in file operations. An attacker can leverage this vulnerability to delete critical files on the system. Was ZDI-CAN-25265.
Metrics
Affected Vendors & Products
References
History
Sat, 23 Nov 2024 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 22 Nov 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Logsign Unified SecOps Platform delete_gsuite_key_file Input Validation Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files within sensitive directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the delete_gsuite_key_file endpoint. The issue results from the lack of proper validation of a user-supplied filename prior to using it in file operations. An attacker can leverage this vulnerability to delete critical files on the system. Was ZDI-CAN-25265. | |
Title | Logsign Unified SecOps Platform delete_gsuite_key_file Input Validation Arbitrary File Deletion Vulnerability | |
Weaknesses | CWE-20 | |
References |
| |
Metrics |
cvssV3_0
|
MITRE
Status: PUBLISHED
Assigner: zdi
Published: 2024-11-22T21:02:48.622Z
Updated: 2024-11-23T01:26:27.623Z
Reserved: 2024-09-26T19:39:04.085Z
Link: CVE-2024-9257
Vulnrichment
Updated: 2024-11-23T01:19:43.316Z
NVD
Status : Received
Published: 2024-11-22T21:15:23.787
Modified: 2024-11-22T21:15:23.787
Link: CVE-2024-9257
Redhat
No data.