CVE-2023-48249
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2023-48249 is a newly disclosed vulnerability that allows an authenticated remote attacker to list arbitrary folders on the system with the privileges of the application's OS user ("root"). By sending crafted HTTP requests, the attacker can exploit this vulnerability and gain unauthorized access to sensitive information. The potential impact is significant: it allows an attacker to steal session cookies of other active users, increasing the risk of data breaches and unauthorized access to applications and services. The vulnerability underscores the importance of securing web applications against unauthorized access and of ensuring that authenticated users hold only the permissions they need, so that information does not leak.
Affected Vendors
- Bosch