CVE-2024-47579

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Published Dec 10, 2024
CWE ID 538

Summary

CVE-2024-47579 is a vulnerability that allows administrators with access to an exposed webservice to upload custom PDF font files. By uploading a file containing a copied internal file disguised as a font, an attacker can then download the internal file, gaining unauthorized access to read any file on the server. This vulnerability poses a significant risk to data confidentiality without affecting integrity or availability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share