CVE-2024-42485

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 12, 2024

Updated: Sep 18, 2024

CWE ID 22

Summary

CVE-2024-42485 is a vulnerability affecting Filament Excel, a component that enables Excel export for Filament admin resources. The issue resides in the download route for the exported files, which was found to allow unauthenticated downloads of any file when the webserver permits the use of `../` in URLs. This vulnerability has been mitigated in Filament Excel version v2.3.3.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xbkukK
https://www.cve.org/CVERecord?id=CVE-2024-42485
https://nvd.nist.gov/vuln/detail/CVE-2024-42485

Back to Vulnerability Database

CVE-2024-42485

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations