CVE-2024-48019

MEDIUM Year: 2024
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-22
View all →

Vulnerability Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to External Parties vulnerability in Apache Doris. Application administrators can read arbitrary files from the server filesystem through path traversal. Users are recommended to upgrade to version 2.1.8, 3.0.3 or later, which fixes the issue.

Related Vulnerabilities

CVE-2018-14654

MEDIUM
CVSS:5.4(Medium)

The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_...

CWE-222018

CVE-2019-14362

MEDIUM
CVSS:5.4(Medium)

Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewA...

CWE-222019

CVE-2019-5936

MEDIUM
CVSS:5.4(Medium)

Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application 'Work Flow'.

CWE-222019

CVE-2020-15941

MEDIUM
CVSS:5.4(Medium)

A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete ...

CWE-222020

CVE-2020-4209

MEDIUM
CVSS:5.4(Medium)

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequenc...

CWE-222020

CVE-2021-25367

MEDIUM
CVSS:5.4(Medium)

Path Traversal vulnerability in Samsung Notes prior to version 4.2.00.22 allows attackers to access local files without permission.

CWE-222021