CVE-2024-34015

UNIX Symbolic Link (Symlink) Following (CWE-61)

Published: Nov 11, 2024 / Updated: 8d ago

No CVSS yet / EPSS 0.04%

Sensitive information disclosure during file browsing due to improper soft link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 818.

Timeline

Vendor Advisory

Acronis released a security advisory (SEC-7601).

Nov 11, 2024 at 1:00 PM

CVE Assignment

NVD published the first details for CVE-2024-34015.

Nov 11, 2024 at 2:15 PM

First Article

Feedly found the first article mentioning CVE-2024-34015.

Nov 11, 2024 at 2:19 PM / Vulners.com RSS Feed

CVSS Estimate

Feedly estimated the CVSS score as MEDIUM.

Nov 11, 2024 at 2:19 PM

EPSS

EPSS Score was set to: 0.04% (Percentile: 10.1%)

Nov 12, 2024 at 9:54 AM

Affected Systems

Linux

Attack Patterns

CAPEC-27: Leveraging Race Conditions via Symbolic Links

News

CVE-2024-34015
Low Severity. Description: Sensitive information disclosure during file browsing due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 818. Read more at https://www.tenable.com/cve/CVE-2024-34015
NA - CVE-2024-34015 - Sensitive information disclosure during file...
Sensitive information disclosure during file browsing due to improper soft link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 818.
CVE-2024-34015 | Acronis Backup Plugin for cPanel & WHM up to 817 on Linux symlink
A vulnerability was found in Acronis Backup Plugin for cPanel & WHM up to 817 on Linux. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to symlink following. This vulnerability was named CVE-2024-34015. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.
CVE-2024-34015 - Acronis Backup plugin for cPanel & WHM Unlinked File Exposure
CVE ID : CVE-2024-34015 Published : Nov. 11, 2024, 2:15 p.m. 46 minutes ago Description : Sensitive information disclosure during file browsing due to improper soft link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 818. Severity:
CVE-2024-34015
Sensitive information disclosure during file browsing due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 818.

CVSS V3.1

Unknown
