CVE-2023-24698

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 8, 2023

Updated: Aug 15, 2023

CWE ID 22

Summary

CVE-2023-24698 is a vulnerability affecting Foswiki versions 2.1.7 and below. The issue lies in the Foswiki::Sandbox component's insufficient parameter validation. This weakness enables attackers to execute a directory traversal attack by crafting malicious web requests. The vulnerability could potentially allow unauthorized access to sensitive information or system compromise. Users are strongly encouraged to update their Foswiki installation to a patched version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Foswiki

Affected Vendors

Foswiki

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sQIO9s
https://www.cve.org/CVERecord?id=CVE-2023-24698
https://nvd.nist.gov/vuln/detail/CVE-2023-24698

Back to Vulnerability Database