CVE-2023-48249

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 10, 2024
Updated: Jan 16, 2024
CWE ID 22

Summary

CVE-2023-48249 allows authenticated remote attackers to list arbitrary folders in the system with the privileges of the application OS user ("root"). An attacker exploits it by sending crafted HTTP requests, gaining unauthorized access to sensitive information. In particular, the issue allows an attacker to steal the session cookies of other active users, which increases the risk of data breaches and of unauthorized access to applications and services. The vulnerability underscores the importance of securing web applications against unauthorized access and of ensuring that authenticated users hold only the permissions they need, so that information does not leak.
