1. Home
  2. CVE Database
  3. CVE-2024-4836
HIGH · 7.5

CVE-2024-4836

Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthenticated user. The issue ...

Vulnerability Description

Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthenticated user. The issue in versions 3.5 - 3.25 was removed in releases which dates from 10th of January 2014. Higher versions were never affected.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Related Weaknesses (CWE)

CWE-552

References

FAQ

What is CVE-2024-4836?

CVE-2024-4836 is a vulnerability with a CVSS score of 7.5 (HIGH). Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthenticated user. The issue ...

How severe is CVE-2024-4836?

CVE-2024-4836 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-4836?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.