CVE-2024-54453

An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15. A path traversal vulnerability in the DocServlet servlet allows remote attackers to retrieve any file from the Kurmi web application installation folder, e.g., files such as the obfuscated and/or compiled Kurmi source code.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://kurmi-software.com
https://kurmi-software.com/cve/cve-2024-54453/

Configurations

No configuration.

History

31 Dec 2024, 19:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
Summary		(es) Se descubrió un problema en Kurmi Provisioning Suite anterior a 7.9.0.35, 7.10.x a 7.10.0.18 y 7.11.x a 7.11.0.15. Una vulnerabilidad de path traversal en el servlet DocServlet permite a atacantes remotos recuperar cualquier archivo de la carpeta de instalación de la aplicación web Kurmi, por ejemplo, archivos como el código fuente de Kurmi ofuscado y/o compilado.
CWE		CWE-22

27 Dec 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-27 20:15

Updated : 2024-12-31 19:15

NVD link : CVE-2024-54453

Mitre link : CVE-2024-54453

CVE.ORG link : CVE-2024-54453

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

7.5 /10