CVSS 3.1 Score 8.8 of 10 (high)


Published Jan 22, 2024
Updated: Jan 26, 2024


CVE-2024-23768 is a vulnerability in Dremio versions 24.0.0 through 24.3.0, 23.0.0 through 23.2.3, and 22.0.0 through 22.2.2, which allows path traversal. An authenticated user without privileges on certain folders can gain unauthorized access to those folders, along with the files and datasets within them if they have access to the source and at least one folder within it. The issue can be remediated by updating to fixed versions 24.3.1 and later, 23.2.4 and later, or 22.2.3 and later. This vulnerability has a base severity of HIGH according to CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, potentially posing a significant danger to organizations' integrity and confidentiality of data if exploited successfully.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.


Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-23768 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions