CVE-2024-23768
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-23768 is a vulnerability in Dremio versions 24.0.0 through 24.3.0, 23.0.0 through 23.2.3, and 22.0.0 through 22.2.2, which allows path traversal. An authenticated user without privileges on certain folders can gain unauthorized access to those folders, along with the files and datasets within them if they have access to the source and at least one folder within it. The issue can be remediated by updating to fixed versions 24.3.1 and later, 23.2.4 and later, or 22.2.3 and later. This vulnerability has a base severity of HIGH according to CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, potentially posing a significant danger to organizations' integrity and confidentiality of data if exploited successfully.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions