1. Home
  2. CVE Database
  3. CVE-2024-36079
MEDIUM · 6.5

CVE-2024-36079

An issue was discovered in Vaultize 21.07.27. When uploading files, there is no check that the filename parameter is correct. As a result, a temporary file will be created outside the specified direct...

Vulnerability Description

An issue was discovered in Vaultize 21.07.27. When uploading files, there is no check that the filename parameter is correct. As a result, a temporary file will be created outside the specified directory when the file is downloaded. To exploit this, an authenticated user would upload a file with an incorrect file name, and then download it.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
NONE

Related Weaknesses (CWE)

CWE-22

References

FAQ

What is CVE-2024-36079?

CVE-2024-36079 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An issue was discovered in Vaultize 21.07.27. When uploading files, there is no check that the filename parameter is correct. As a result, a temporary file will be created outside the specified direct...

How severe is CVE-2024-36079?

CVE-2024-36079 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-36079?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.