Lucene search

KasperskyVULNRICHMENT:CVE-2024-5865

HistoryJul 02, 2024 - 3:55 p.m.

CVE-2024-5865 Arbitrary File Reading in Centrify PAS

2024-07-0215:55:23

CWE-26

Kaspersky

github.com

cve-2024-5865

centrify pas

vulnerability

arbitrary file reading

path traversal

web publish directory

patch

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

19.7%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing arbitrary files reading outside the web publish directory. Versions 23.1-HF7 and on have the patch.

CNA Affected

[
  {
    "vendor": "Delinea",
    "product": "Centrify PAS",
    "versions": [
      {
        "status": "affected",
        "version": "v. 21.3"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

github.com/klsecservices/Advisories/blob/master/K-Delinea-2023-001.md

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

19.7%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-5865