CVE-2023-48249

Name of the Vulnerable Software and Affected Versions Bosch Nexo cordless nutrunner and Bosch Nexo special cordless nutrunner (affected versions not specified)

Description The issue is related to incorrect restriction of a directory path with limited access. An authenticated remote attacker can list arbitrary folders in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. This can potentially allow the attacker to steal session cookies of other active users.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.