How severe is CVE-2024-5587?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-5587?

This is classified as CWE-552, which is a common weakness in software security.

CVE-2024-5587 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic. Affected is an unknown function of the file /conf/app.conf of the component Configuration File Handler. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266838 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2019-14273

MEDIUM

CVSS:5.3(Medium)

In SilverStripe assets 4.0, there is broken access control on files.

CWE-5522019

CVE-2019-20593

MEDIUM

CVSS:5.3(Medium)

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks Private Mode thumbnails. The Samsung ID is SVE-2019-14208 (July 2019).

CWE-5522019

CVE-2019-3897

MEDIUM

CVSS:5.3(Medium)

It has been discovered in redhat-certification that any unauthorized user may download any file under /var/www/rhcert, provided they know its name. Red Hat Certification 6 and 7 is vulnerable to this ...

CWE-5522019

CVE-2020-10105

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Zammad 3.0 through 3.2. It returns source code of static resources when submitting an OPTIONS request, rather than a GET request. Disclosure of source code allows for an att...

CWE-5522020

CVE-2020-13953

MEDIUM

CVSS:5.3(Medium)

In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run.

CWE-5522020

CVE-2021-33843

MEDIUM

CVSS:5.3(Medium)

Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configuration page accessible without authentication. An attacker may use this functionality to change the exposed configuration values su...

CWE-5522021