PT-2024-36339 · Kurmi · Kurmi Provisioning Suite
Published: 2024-12-27 · Updated: 2024-12-31 · CVE-2024-54453
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Kurmi Provisioning Suite versions prior to 7.9.0.35
Kurmi Provisioning Suite versions 7.10.x through 7.10.0.18
Kurmi Provisioning Suite versions 7.11.x through 7.11.0.15
Description:
A path traversal vulnerability in the DocServlet servlet allows remote attackers to retrieve any file from the Kurmi web application installation folder, including files such as the obfuscated and/or compiled Kurmi source code.
Recommendations:
For Kurmi Provisioning Suite versions prior to 7.9.0.35, update to version 7.9.0.35 or later.
For Kurmi Provisioning Suite versions 7.10.x through 7.10.0.18, update to a version later than 7.10.0.18.
For Kurmi Provisioning Suite versions 7.11.x through 7.11.0.15, update to a version later than 7.11.0.15.
As a temporary workaround, consider disabling the DocServlet servlet until a patch is available.
Fix
Path traversal
Affected Products
Kurmi Provisioning Suite