CVE-2024-56317

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-281
View all →

Vulnerability Description

In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0, the WriteAcl function deletes all existing ACL entries first, and then attempts to recreate them based on user input. If input validation fails during decoding, the process stops, and no entries are restored by access-control-server.cpp, i.e., a denial of service.

Related Vulnerabilities

CVE-2001-1515

HIGH
CVSS:7.5(High)

Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less re...

CWE-2812001

CVE-2005-1920

HIGH
CVSS:7.5(High)

The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and ...

CWE-2812005

CVE-2019-0233

HIGH
CVSS:7.5(High)

An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.

CWE-2812019

CVE-2019-20843

HIGH
CVSS:7.5(High)

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files.

CWE-2812019

CVE-2019-20846

HIGH
CVSS:7.5(High)

An issue was discovered in Mattermost Server before 5.18.0. It has weak permissions for server-local file storage.

CWE-2812019

CVE-2020-13763

HIGH
CVSS:7.5(High)

In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users.

CWE-2812020