CVE-2024-6789

Summary

A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 and LTS 24.2.13421.15 SR2 and LTS 23.8.12892.0 SR6 allows authenticated user to read files

Affected Software

VendorProductVersion RangeStatus
M-Files CorporationM-Files Server0 < 24.8.13981.0affected
M-Files CorporationM-Files ServerLTS 24.2.0 < LTS 24.2.13421.15 SR2affected
M-Files CorporationM-Files ServerLTS 23.8.0 < LTS 23.8.12892.0 SR6affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References