How severe is CVE-2024-31220?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2024-31220?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2024-31220 - HIGH Severity | CVSS 7.3

Vulnerability Description

Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.16.0 and prior to version 0.18.0, an attacker may be able to remotely read arbitrary files without authentication due to a path traversal vulnerability. Users who exposed the Sunshine configuration web user interface outside of localhost may be affected, depending on firewall configuration. To exploit vulnerability, attacker could make an http/s request to the `node_modules` endpoint if user exposed Sunshine config web server to internet or attacker is on the LAN. Version 0.18.0 contains a patch for this issue. As a workaround, one may block access to Sunshine via firewall.

Related Vulnerabilities

CVE-2016-10037

HIGH

CVSS:7.3(High)

Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, rel...

CWE-222016

CVE-2016-10038

HIGH

CVSS:7.3(High)

CWE-222016

CVE-2016-10039

HIGH

CVSS:7.3(High)

CWE-222016

CVE-2017-7358

HIGH

CVSS:7.3(High)

In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user l...

CWE-222017

CVE-2019-3696

HIGH

CVSS:7.3(High)

A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance...

CWE-222019

CVE-2019-6754

HIGH

CVSS:7.3(High)

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the targe...

CWE-222019