CVE-2024-3706

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Apr 12, 2024

Updated: Jul 5, 2024

CWE ID 94

Summary

CVE-2024-3706 is an information exposure vulnerability that affects OpenGnsys version 1.1.1d (Espeto). An attacker can exploit this vulnerability to gain access to a php backup file named controlaccess.php-LAST, which contains sensitive database credentials. The exposure of these credentials could potentially lead to unauthorized access to the affected system or database. It is recommended that users of OpenGnsys version 1.1.1d upgrade to a patched version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

MLFlow

Affected Vendors

MLflow

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/wNZamW
https://www.cve.org/CVERecord?id=CVE-2024-3706
https://nvd.nist.gov/vuln/detail/CVE-2024-3706

Back to Vulnerability Database