Advisory

漏洞通報

2024-06-05

ProjectDiscovery Interactsh - Files or Directories Accessible to External Parties

ZUSOART ID ZA-2024-01
CVE ID CVE-2024-5262
Vulnerability Type CWE-552: Files or Directories Accessible to External Parties
CVSS 4.0 Base CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (9.3)
Description Files or Directories Accessible to External Parties vulnerability in smb server in ProjectDiscovery Interactsh allows remote attackers to read/write any files in the directory and subdirectories of where the victim runs interactsh-server via anonymous login.
Vendor ProjectDiscovery
Product
Category Version affected
Interactsh from v0.0.6 through v1.1.9
Product Support Update to Interactsh server v1.2.0
Release date 2024/06/05
Credit Tsung Ju Wu (Daniel Wu) of ZUSO ART
<< Back index
top