How severe is CVE-2024-47170?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2024-47170?

This is classified as CWE-35, which is a common weakness in software security.

CVE-2024-47170 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to read arbitrary JSON files at attacker-chosen locations on the server. This issue can lead to unauthorized access to sensitive information and exposure of confidential configuration files. This only affects installations with `JSON_STORAGE` enabled which is intended to local/self-hosting only. Version 1.0.330 fixes this issue.

Related Vulnerabilities

CVE-2024-0067

MEDIUM

CVSS:4.3(Medium)

Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local file system of t...

CWE-352024

CVE-2024-47171

MEDIUM

CVSS:4.3(Medium)

Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload image files at attacker-chosen locat...

CWE-352024

CVE-2025-40573

MEDIUM

CVSS:4.4(Medium)

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices are vulnerable to path traversal attacks. This could allow a privileged local attacker to ...

CWE-352025

CVE-2021-1282

MEDIUM

CVSS:4.9(Medium)

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on ...

CWE-352021

CVE-2021-1364

MEDIUM

CVSS:4.9(Medium)

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on ...

CWE-352021

CVE-2024-52390

MEDIUM

CVSS:4.9(Medium)

: Path Traversal: '.../...//' vulnerability in CYAN Backup allows Path Traversal.This issue affects CYAN Backup: from n/a through 2.5.3.

CWE-352024