CVE-2024-6789

A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 and LTS 24.2.13421.15 SR2 and LTS 23.8.12892.0 SR6 allows authenticated user to read files
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:m-files:m-files_server:*:*:*:*:lts:*:*:*
cpe:2.3:a:m-files:m-files_server:*:*:*:*:-:*:*:*

History

16 Sep 2024, 07:15

Type Values Removed Values Added
Summary (en) A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 allows authenticated user to read files (en) A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 and LTS 24.2.13421.15 SR2 and LTS 23.8.12892.0 SR6 allows authenticated user to read files

06 Sep 2024, 22:31

Type Values Removed Values Added
First Time M-files
M-files m-files Server
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
References () https://product.m-files.com/security-advisories/cve-2024-6789/ - () https://product.m-files.com/security-advisories/cve-2024-6789/ - Vendor Advisory
CPE cpe:2.3:a:m-files:m-files_server:*:*:*:*:-:*:*:*
cpe:2.3:a:m-files:m-files_server:*:*:*:*:lts:*:*:*

27 Aug 2024, 13:01

Type Values Removed Values Added
Summary
  • (es) Un problema de path traversal en el endpoint de API en M-Files Server anterior a la versión 24.8.13981.0 permite que un usuario autenticado lea archivos

27 Aug 2024, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-27 10:15

Updated : 2024-09-16 07:15


NVD link : CVE-2024-6789

Mitre link : CVE-2024-6789

CVE.ORG link : CVE-2024-6789


JSON object : View

Products Affected

m-files

  • m-files_server
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')