CVE-2024-47071

Sažetak

OSS Endpoint Manager is an endpoint manager module for FreePBX. OSS Endpoint Manager module activation can allow authenticated web users unauthorized access to read system files with the permissions of the webserver process. This vulnerability is fixed in 14.0.4.

Reference

https://github.com/FreePBX-ContributedModules/endpointman/commit/bad70ca3de2166bbd24f273f7f212a8b2c92a719
https://github.com/FreePBX/security-reporting/security/advisories/GHSA-x9wc-qjrc-j7ww

CVSS

Base:	6.8
Impact:	4.0
Exploitability:	2.3

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

Zadnje važnije ažuriranje

04-10-2024 - 13:51

Objavljeno

01-10-2024 - 16:15