← Back to CVEs
CVE-2024-38449
HIGH7.7
Description
A Directory Traversal vulnerability in KasmVNC 1.3.1.230e50f7b89663316c70de7b0e3db6f6b9340489 and possibly earlier versions allows remote authenticated attackers to browse parent directories and read the content of files outside the scope of the application.
CVE Details
CVSS v3.1 Score7.7
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published6/17/2024
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Weaknesses (CWE)
CWE-22
References
https://github.com/kasmtech/KasmVNC/issues/254(cve@mitre.org)
https://kasmweb.atlassian.net/servicedesk/customer/portal/3/topic/30ffee7f-4b85-4783-b118-6ae4fd8b0c52(cve@mitre.org)
https://kasmweb.com/kasmvnc(cve@mitre.org)
https://github.com/kasmtech/KasmVNC/issues/254(af854a3a-2127-422b-91ae-364da2661108)
https://kasmweb.atlassian.net/servicedesk/customer/portal/3/topic/30ffee7f-4b85-4783-b118-6ae4fd8b0c52(af854a3a-2127-422b-91ae-364da2661108)
https://kasmweb.com/kasmvnc(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.