CVE-2024-7564

Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the get_response_json_result endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-24680.
References
Link Resource
https://www.zerodayinitiative.com/advisories/ZDI-24-1021/ Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:logsign:unified_secops_platform:6.4.11:*:*:*:*:*:*:*

History

07 Aug 2024, 19:59

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 4.3
v2 : unknown
v3 : 6.5
CPE cpe:2.3:a:logsign:unified_secops_platform:6.4.11:*:*:*:*:*:*:*
First Time Logsign unified Secops Platform
Logsign
References () https://www.zerodayinitiative.com/advisories/ZDI-24-1021/ - () https://www.zerodayinitiative.com/advisories/ZDI-24-1021/ - Third Party Advisory, VDB Entry
Summary
  • (es) Vulnerabilidad de divulgación de información Directory Traversal de la plataforma Logsign Unified SecOps. Esta vulnerabilidad permite a atacantes remotos revelar información confidencial sobre las instalaciones afectadas de Logsign Unified SecOps Platform. Se requiere autenticación para aprovechar esta vulnerabilidad. La falla específica existe dentro del endpoint get_response_json_result. El problema se debe a la falta de validación adecuada de una ruta proporcionada por el usuario antes de usarla en operaciones de archivos. Un atacante puede aprovechar esta vulnerabilidad para revelar información en el contexto de la raíz. Era ZDI-CAN-24680.

06 Aug 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-06 16:15

Updated : 2024-08-07 19:59


NVD link : CVE-2024-7564

Mitre link : CVE-2024-7564

CVE.ORG link : CVE-2024-7564


JSON object : View

Products Affected

logsign

  • unified_secops_platform
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')