PT-2024-26887 · Vaultize · Vaultize

Published: 2024-05-24 · Updated: 2024-08-20 · CVE-2024-36079

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Vaultize version 21.07.27

Description

An issue was discovered in the software where there is no check that the filename parameter is correct when uploading files. As a result, a temporary file will be created outside the specified directory when the file is downloaded. To exploit this, an authenticated user would upload a file with an incorrect file name, and then download it.

Recommendations

For Vaultize version 21.07.27, consider implementing a check for the filename parameter to ensure it is correct before allowing file uploads and downloads. As a temporary workaround, restrict access to file upload and download functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
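
One way to implement the recommended filename check, shown as an added example that is not Vaultize code: the name is validated at upload, then validated again and checked for containment when the temporary file path is built at download. The function names, the allow-list pattern and the sample names are assumptions made for illustration.

```python
import os
import re
import tempfile

# Assumed policy: a bare name that starts with an alphanumeric, bounded length.
_SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9 ._-]{0,254}")


class UnsafeFilename(ValueError):
    """Raised when a filename parameter is not a plain file name."""


def validate_upload_filename(name: str) -> str:
    """Upload-time check: accept only a plain file name, never a path."""
    if "\x00" in name or "/" in name or "\\" in name:
        raise UnsafeFilename("separator or NUL in filename")
    if not _SAFE_NAME.fullmatch(name):
        raise UnsafeFilename("filename outside the allowed character set")
    return name


def temp_path_for_download(base_dir: str, stored_name: str) -> str:
    """Download-time check: re-validate, then confirm the path stays in base_dir."""
    name = validate_upload_filename(stored_name)  # stored names may predate the check
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, name))  # also resolves symlinks
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafeFilename("resolved path escapes the temporary directory")
    return candidate


def demo() -> dict:
    """Run constructed sample names through both checks; True means accepted."""
    samples = ["report.pdf", "notes v2.txt", "../../outside.txt",
               "..\\outside.txt", "/abs/outside.txt", ".."]
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for name in samples:
            try:
                path = temp_path_for_download(base, name)
                results[name] = os.path.dirname(path) == os.path.realpath(base)
            except UnsafeFilename:
                results[name] = False
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name!r}: {'accepted' if ok else 'rejected'}")
```

Running the download-time check independently of the upload-time check covers names that were stored before validation was introduced.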

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2024-36079

Affected Products

Vaultize