CVE-2024-7564

Summary

CVE-2024-7564 is a directory traversal information disclosure vulnerability affecting Logsign Unified SecOps Platform. This issue enables remote attackers, after successful authentication, to access sensitive information on affected installations. The root cause of the vulnerability lies in the lack of proper validation of user-supplied paths used in file operations. Specifically, the get_response_json_result endpoint is susceptible to this issue, allowing an attacker to disclose data with the privileges of the root user. ZDI-CAN-24680 discovered and disclosed this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.