Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders (and the files and datasets in these folders) can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one folder in the source. Affected versions are: 24.0.0 through 24.3.0, 23.0.0 through 23.2.3, and 22.0.0 through 22.2.2. Fixed versions are: 24.3.1 and later, 23.2.4 and later, and 22.2.3 and later.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
Dremio 安全漏洞
Vulnerability Description
Dremio是美国Dremio公司的一个数据即服务平台,提供快速、自助的数据分析方法。 Dremio 24.3.1之前版本存在安全漏洞,该漏洞源于允许路径遍历,对某些文件夹没有权限的经过身份验证的用户可以访问这些文件夹、文件和数据集。
CVSS Information
N/A
Vulnerability Type
N/A