216.73.217.64

CVE-2024-36079

· Published 24/05/2024 22:15 · Modified 24/05/2024 22:15

Labels: CVE-2024-36079 2024-05-24CVE-2024-36079[email protected]

Essential information

Published
24/05/2024 22:15
Modified
24/05/2024 22:15
Author
Creator
CISA KEV
No
CWE

Description

An issue was discovered in Vaultize 21.07.27. When uploading files, there is no check that the filename parameter is correct. As a result, a temporary file will be created outside the specified directory when the file is downloaded. To exploit this, an authenticated user would upload a file with an incorrect file name, and then download it.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References