CVE-2024-37372

{"id": "CVE-2024-37372", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "support@hackerone.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 3.6, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.0}]}, "published": "2025-01-09T01:15:08.500", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/07/11/6", "source": "support@hackerone.com"}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/19/3", "source": "support@hackerone.com"}, {"url": "https://security.netapp.com/advisory/ntap-20250502-0010/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "The Permission Model assumes that any path starting with two backslashes \\ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases."}, {"lang": "es", "value": "El modelo de permisos supone que cualquier ruta que comience con dos barras invertidas \\ tiene un prefijo de cuatro caracteres que se puede ignorar, lo que no siempre es cierto. Este error sutil conduce a casos extremos vulnerables."}], "lastModified": "2025-05-02T23:15:15.500", "sourceIdentifier": "support@hackerone.com"}