CVE-2024-3318

{"id": "CVE-2024-3318", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@sailpoint.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.5}]}, "published": "2024-05-15T16:15:10.963", "references": [{"url": "https://www.sailpoint.com/security-advisories/", "source": "psirt@sailpoint.com"}, {"url": "https://www.sailpoint.com/security-advisories/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@sailpoint.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the \u201cfile\u201c attribute, which in turn allowed the user to access files uploaded for other sources."}, {"lang": "es", "value": "Se identific\u00f3 una vulnerabilidad de path traversal de archivo en el conector en la nube DelimitedFileConnector que permit\u00eda a un administrador autenticado establecer atributos de conector arbitrarios, incluido el atributo \u201carchivo\u201d, lo que a su vez permit\u00eda al usuario acceder a archivos cargados para otras fuentes."}], "lastModified": "2024-11-21T09:29:23.120", "sourceIdentifier": "psirt@sailpoint.com"}