Jacopoaugelli

#17784 of 53,632
15.1 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2025-32216
6.5
2025-08-06
Unknown · Vedo Suite · CVE-2025-51052
**Name of the Vulnerable Software and Affected Versions**
Vedo Suite version 2024.17

**Description**
A path traversal issue exists in Vedo Suite 2024.17 that may allow remote authenticated attackers to read arbitrary filesystem files. The issue is due to an unsanitized `file_get_contents()` function call within the `/api_vedo/template` API endpoint.

**Recommendations**
As a temporary workaround, consider restricting access to the `/api_vedo/template` API endpoint until a fix is available.
PT-2025-32219
8.6
2025-08-06
Unknown · Vedo Suite · CVE-2025-51055
**Name of the Vulnerable Software and Affected Versions**
Vedo Suite version 2024.17

**Description**
The application stores credentials in clear-text within the `/api_vedo/configuration/config.yml` file. This file contains sensitive information, including credentials, secret keys, and database information.

**Recommendations**
Ensure the `/api_vedo/configuration/config.yml` file is appropriately secured to prevent unauthorized access.