Lucene search

[email protected]NVD:CVE-2024-39303

HistoryJul 01, 2024 - 7:15 p.m.

CVE-2024-39303

2024-07-0119:15:05

CWE-73

[email protected]

web.nvd.nist.gov

weblate

version 5.6.2

unauthorized access

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

Percentile

14.7%

JSON

Weblate is a web based localization tool. Prior to version 5.6.2, Weblate didn’t correctly validate filenames when restoring project backup. It may be possible to gain unauthorized access to files on the server using a crafted ZIP file. This issue has been addressed in Weblate 5.6.2. As a workaround, do not allow untrusted users to create projects.

Affected configurations

Nvd

Node

weblateweblateRange4.14–5.6.2

VendorProductVersionCPE
weblateweblate*cpe:2.3:a:weblate:weblate:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
weblate	weblate	*	cpe:2.3:a:weblate:weblate::::::::

References

github.com/WeblateOrg/weblate/commit/b6a7eace155fa0feaf01b4ac36165a9c5e63bfdd

github.com/WeblateOrg/weblate/security/advisories/GHSA-jfgp-674x-6q4p

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

Percentile

14.7%

JSON

Related for NVD:CVE-2024-39303

osv3 veracode1 cvelist1 cve1 github1 vulnrichment1