漏洞详情: CVE-2024-3318

漏洞标题
SailPoint Identity Security Cloud Connector File Path Traversal Vulnerability
来源:NVD
SailPoint Delimited File Connector 安全漏洞
来源:CNNVD
漏洞描述
A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the “file“ attribute, which in turn allowed the user to access files uploaded for other sources.
来源:NVD
SailPoint Delimited File Connector是SailPoint公司的一种只读且规则驱动的连接器。 SailPoint Delimited File Connector存在安全漏洞,该漏洞源于存在文件路径遍历漏洞,允许经过身份验证的管理员设置任意连接器属性,从而允许用户访问其他源上传的文件。
来源:CNNVD
None
来源:神龙机器人
漏洞评分(CVSS)
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
来源:NVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
来源:神龙机器人, 准确率:6/8 = 75.00%
漏洞类别
对路径名的限制不恰当(路径遍历)
来源:NVD
其他
来源:CNNVD
相关链接