CVE-2024-23768

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jan 22, 2024
Updated: Jan 26, 2024
CWE ID 22

Summary

CVE-2024-23768 is a vulnerability in Dremio versions 24.0.0 through 24.3.0, 23.0.0 through 23.2.3, and 22.0.0 through 22.2.2, which allows path traversal. An authenticated user without privileges on certain folders can gain unauthorized access to those folders, along with the files and datasets within them if they have access to the source and at least one folder within it. The issue can be remediated by updating to fixed versions 24.3.1 and later, 23.2.4 and later, or 22.2.3 and later. This vulnerability has a base severity of HIGH according to CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, potentially posing a significant danger to organizations' integrity and confidentiality of data if exploited successfully.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-23768 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options