CVE-2024-2045

Summary

Session version 1.17.5 allows obtaining internal application files and public

files from the user's device without the user's consent. This is possible

because the application is vulnerable to Local File Read via chat attachments.

Affected Software

VendorProductVersion RangeStatus
SessionSession1.17.5affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References