CVE-2024-7738

A vulnerability, which was classified as problematic, has been found in yzane vscode-markdown-pdf 1.5.0. Affected by this issue is some unknown functionality of the component Markdown File Handler. The manipulation leads to pathname traversal. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

CVSS v3 7.8 HIGH
CVSS v2.0 1.7 LOW

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

1.7^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 3.1 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/abhi-ingle/Vulnerability-Research/blob/main/POC/Arbitrary%20File%20Read/file_read_report.md	Broken Link
https://github.com/abhi-ingle/Vulnerability-Research/blob/main/POC/Arbitrary%20File%20Read/poc_arbitrary_file_read.mp4	Broken Link
https://vuldb.com/?ctiid.274358	Permissions Required
https://vuldb.com/?id.274358	Third Party Advisory
https://vuldb.com/?submit.385634	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:yzane:markdown_pdf:1.5.0:*:*:*:*:vscode:*:*

History

13 Sep 2024, 16:03

Type	Values Removed	Values Added
First Time		Yzane Yzane markdown Pdf
CVSS	v2 : ~~1.7~~ v3 : ~~3.3~~	v2 : 1.7 v3 : 7.8
CWE		CWE-22
CPE		cpe:2.3:a:yzane:markdown_pdf:1.5.0:::::vscode::
References	~~() https://github.com/abhi-ingle/Vulnerability-Research/blob/main/POC/Arbitrary%20File%20Read/file_read_report.md -~~	() https://github.com/abhi-ingle/Vulnerability-Research/blob/main/POC/Arbitrary%20File%20Read/file_read_report.md - Broken Link
References	~~() https://github.com/abhi-ingle/Vulnerability-Research/blob/main/POC/Arbitrary%20File%20Read/poc_arbitrary_file_read.mp4 -~~	() https://github.com/abhi-ingle/Vulnerability-Research/blob/main/POC/Arbitrary%20File%20Read/poc_arbitrary_file_read.mp4 - Broken Link
References	~~() https://vuldb.com/?ctiid.274358 -~~	() https://vuldb.com/?ctiid.274358 - Permissions Required
References	~~() https://vuldb.com/?id.274358 -~~	() https://vuldb.com/?id.274358 - Third Party Advisory
References	~~() https://vuldb.com/?submit.385634 -~~	() https://vuldb.com/?submit.385634 - Third Party Advisory
Summary		(es) Una vulnerabilidad fue encontrada en yzane vscode-markdown-pdf 1.5.0 y clasificada como problemática. Una función desconocida del componente Markdown File Handler es afectada por esta vulnerabilidad. La manipulación conduce a pathname traversal. Atacar localmente es un requisito. El exploit ha sido divulgado al público y puede utilizarse.

13 Aug 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-13 19:15

Updated : 2024-09-13 16:03

NVD link : CVE-2024-7738

Mitre link : CVE-2024-7738

CVE.ORG link : CVE-2024-7738

JSON object : View

Products Affected

yzane

markdown_pdf

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-21

DEPRECATED: Pathname Traversal and Equivalence Errors

7.8 /10