How severe is CVE-2024-30370?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2024-30370?

This is classified as CWE-693, which is a common weakness in software security.

CVE-2024-30370 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific action on a malicious page. The specific flaw exists within the archive extraction functionality. A crafted archive entry can cause the creation of an arbitrary file without the Mark-Of-The-Web. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current user. Was ZDI-CAN-23156.

Related Vulnerabilities

CVE-2019-12938

MEDIUM

CVSS:4.3(Medium)

The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Attackers can read logs via...

CWE-6932019

CVE-2021-1517

MEDIUM

CVSS:4.3(Medium)

A vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to bypass security protections. This vulnerabilit...

CWE-6932021

CVE-2021-31608

MEDIUM

CVSS:4.3(Medium)

Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control.

CWE-6932021

CVE-2022-43432

MEDIUM

CVSS:4.3(Medium)

Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers f...

CWE-6932022

CVE-2022-43433

MEDIUM

CVSS:4.3(Medium)

Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for do...

CWE-6932022

CVE-2023-0141

MEDIUM

CVSS:4.3(Medium)

Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

CWE-6932023