CVE-2024-11309

Relative Path Traversal (CWE-23)

Published: Nov 18, 2024 / Updated: 1d ago

010
CVSS 7.5EPSS 0.09%High
CVE info copied to clipboard

The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Timeline

CVE Assignment

NVD published the first details for CVE-2024-11309

Nov 18, 2024 at 6:15 AM
CVSS

A CVSS base score of 7.5 has been assigned.

Nov 18, 2024 at 6:20 AM / nvd
First Article

Feedly found the first article mentioning CVE-2024-11309. See article

Nov 18, 2024 at 6:21 AM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Nov 18, 2024 at 6:21 AM
EPSS

EPSS Score was set to: 0.09% (Percentile: 38.3%)

Nov 19, 2024 at 9:42 AM
Static CVE Timeline Graph

Attack Patterns

CAPEC-139: Relative Path Traversal
+null more

News

High - CVE-2024-11309 - The DVC from TRCore has a Path Traversal...
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
CVE-2024-11309
High Severity Description The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Read more at https://www.tenable.com/cve/CVE-2024-11309
CVE-2024-11309 | TRCore DVC up to 6.3 System Files path traversal
A vulnerability was found in TRCore DVC up to 6.3 and classified as problematic . Affected by this issue is some unknown functionality of the component System Files Handler . The manipulation leads to relative path traversal. This vulnerability is handled as CVE-2024-11309 . The attack may be launched remotely. There is no exploit available.
CVE-2024-11309 - TRCore - Unauthenticated Path Traversal Vulnerability
CVE ID : CVE-2024-11309 Published : Nov. 18, 2024, 6:15 a.m. 49 minutes ago Description : The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Severity: 7.5 HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-11309
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system...
See 2 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:None
Availability Impact:None

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI