github - ghsa-89q4-gfxm-xg78

ghsa-89q4-gfxm-xg78

Vulnerability from github

Published

2024-06-11 15:31

Modified

2024-06-11 15:31

Details

If exploited an attacker could traverse the file system to access files or directories that would otherwise be inaccessible

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-2461"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-23"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-11T13:15:49Z",
    "severity": null
  },
  "details": "If exploited an attacker could traverse the file system to access \nfiles or directories that would otherwise be inaccessible",
  "id": "GHSA-89q4-gfxm-xg78",
  "modified": "2024-06-11T15:31:13Z",
  "published": "2024-06-11T15:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2461"
    },
    {
      "type": "WEB",
      "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000202\u0026languageCode=en\u0026Preview=true"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2024-2461 (GCVE-0-2024-2461)

Vulnerability from cvelistv5

Published

2024-06-11 12:57

Modified

2024-08-01 19:11

Severity ?

6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

CWE

CWE-23 - Relative Path Traversal

Summary

If exploited an attacker could traverse the file system to access files or directories that would otherwise be inaccessible

References

URL

Tags

https://publisher.hitachienergy.com/preview?DocumentId=8DBD000202&languageCode=en&Preview=true

Impacted products

Vendor

Product

Version

Version: 0 <
Patch: FOX61x R16B Revision G, version (cesm3_r16b04_07, cesne_r16b04_07, f10ne_r16b04_07)
Version: FOX61x R15B <
Version: FOX61x R16A
Version: FOX61x R15A

Version: 0   <
Patch: XMC20 R16B Revision D, version (cent2_r16b04_07, co5ne_r16b04_07)
Version: XMC20 R15B   <
Patch: XMC20 R16B Revision D, version (cent2_r16b04_07, co5ne_r16b04_07)
Version: XMC20 R16A   <
Version: XMC20 R15A   <

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2461",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-11T13:58:39.472974Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-11T13:58:58.084Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:11:53.616Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000202\u0026languageCode=en\u0026Preview=true"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FOX61x",
          "vendor": "Hitachi Energy",
          "versions": [
            {
              "lessThanOrEqual": "FOX61x R16B Revision E (cesm3_r16b04_02,  cesne_r16b04_02 and  f10ne_r16b04_02)",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "FOX61x R16B Revision G, version (cesm3_r16b04_07,  cesne_r16b04_07, f10ne_r16b04_07)",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "FOX61x R15B",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "FOX61X R16B Revision G,  (cesm3_r16b04_07, cesne_r16b04_07, f10ne_r16b04_07)"
            },
            {
              "status": "affected",
              "version": "FOX61x R16A"
            },
            {
              "status": "affected",
              "version": "FOX61x R15A"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "XMC20",
          "vendor": "Hitachi Energy",
          "versions": [
            {
              "lessThanOrEqual": "XMC20 R16B Revision C (cent2_r16b04_02,  co5ne_r16b04_02)",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "XMC20 R16B Revision D, version  (cent2_r16b04_07, co5ne_r16b04_07)",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "XMC20 R15B",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "XMC20 R16B Revision D, version (cent2_r16b04_07, co5ne_r16b04_07)",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "XMC20 R16A",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "XMC20 R15A",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nIf exploited an attacker could traverse the file system to access \nfiles or directories that would otherwise be inaccessible\n\n"
            }
          ],
          "value": "If exploited an attacker could traverse the file system to access \nfiles or directories that would otherwise be inaccessible"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23 Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-11T12:57:04.498Z",
        "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "shortName": "Hitachi Energy"
      },
      "references": [
        {
          "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000202\u0026languageCode=en\u0026Preview=true"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
    "assignerShortName": "Hitachi Energy",
    "cveId": "CVE-2024-2461",
    "datePublished": "2024-06-11T12:57:04.498Z",
    "dateReserved": "2024-03-14T17:09:59.168Z",
    "dateUpdated": "2024-08-01T19:11:53.616Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.