216.73.217.80

CVE-2024-4836

· Published 02/07/2024 09:15 · Modified 02/07/2024 12:09

Labels: CVE-2024-4836 2024-07-02CVE-2024-4836CWE-552[email protected]

Essential information

Published
02/07/2024 09:15
Modified
02/07/2024 12:09
Author
Creator
CVSS
7.5 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS metrics

Description

Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthenticated user. The issue in versions 3.5 - 3.25 was removed in releases which dates from 10th of January 2014. Higher versions were never affected.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References