CVE-2024-33858

Medium

An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while adding a CSV enrichment source. The…

mitre·CWE-91·Published 2024-05-07

CVSS

5.3

EPSS

0.00

KEV

Exploits

cve.orgen

259 chars

An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while adding a CSV enrichment source. The source_name parameter could be changed to an absolute path; this will write the CSV file to that path inside the /tmp directory.

NVDen

259 chars

NVDes

282 chars

Se descubrió un problema en Logpoint antes de 7.4.0. Se observa una vulnerabilidad de inyección de ruta al agregar una fuente de enriquecimiento CSV. El parámetro source_name podría cambiarse a una ruta absoluta; esto escribirá el archivo CSV en esa ruta dentro del directorio /tmp.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	5.3	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
3.1	Primary	cve.org	5.3	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L