Lucene search

@huntr_aiCVE-2024-1932

HistoryFeb 28, 2024 - 12:15 a.m.

CVE-2024-1932

2024-02-2800:15:54

CWE-434

@huntr_ai

web.nvd.nist.gov

cve-2024-1932

unrestricted file upload

freescout

helpdesk

security vulnerability

nvd

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

AI Score

6.3

Confidence

High

EPSS

Percentile

9.0%

JSON

Unrestricted Upload of File with Dangerous Type in freescout-helpdesk/freescout

Affected configurations

Vulnrichment

Node

freescout_helpdeskfreescoutMatch1.8.148

VendorProductVersionCPE
freescout_helpdeskfreescout1.8.148cpe:2.3:a:freescout_helpdesk:freescout:1.8.148:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
freescout_helpdesk	freescout	1.8.148	cpe:2.3:a:freescout_helpdesk:freescout:1.8.148:::::::*

CNA Affected

[
  {
    "vendor": "freescout-helpdesk",
    "product": "freescout-helpdesk/freescout",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "latest"
      }
    ]
  }
]

References

huntr.com/bounties/fefd711e-3bf0-4884-9acc-167649c1f9a2

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

AI Score

6.3

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-1932