Platform: other
Component: m-files-server
Fixed in:
24.8.13981.0
LTS 24.2.13421.15 SR2
LTS 23.8.12892.0 SR6
CVE-2024-6789 describes a path traversal vulnerability discovered in M-Files Server. This flaw allows an authenticated user to read files outside of the intended directory, potentially exposing sensitive data. The vulnerability affects versions prior to LTS 24.2.13421.15 SR2 and LTS 23.8.12892.0 SR6. A fix is available in LTS 24.2.13421.15 SR2.
The impact of this path traversal vulnerability is significant, as it allows an authenticated user to bypass access controls and read arbitrary files on the server. An attacker could potentially access configuration files, database credentials, or other sensitive data stored on the system. This could lead to data breaches, privilege escalation, and further compromise of the M-Files Server environment. The ability to read files outside the intended directory represents a serious security risk, particularly if the server stores confidential information.
CVE-2024-6789 was publicly disclosed on August 27, 2024. There is currently no indication of active exploitation or KEV listing. Public proof-of-concept code is not yet available, but the path traversal nature of the vulnerability suggests that it could be relatively easy to exploit once a PoC is developed. Monitor security advisories and threat intelligence feeds for updates.
Organizations utilizing M-Files Server with versions prior to LTS 24.2.13421.15 SR2 and LTS 23.8.12892.0 SR6 are at risk. This includes deployments where user authentication is enabled and file access permissions are not strictly enforced. Shared hosting environments utilizing M-Files Server are particularly vulnerable.
Exploit status: disclosure
EPSS: 0.92% (76th percentile)
CISA SSVC
The primary mitigation for CVE-2024-6789 is to upgrade M-Files Server to version LTS 24.2.13421.15 SR2 or later. Prior to upgrading, it is recommended to review the M-Files Server release notes for any potential compatibility issues or breaking changes. Consider implementing stricter access controls and file permissions to limit the potential impact of this vulnerability, even after patching. Regularly audit file system access logs to detect any suspicious activity.
Upgrade M-Files Server to version 24.8.13981.0, LTS 24.2.13421.15 SR2 or LTS 23.8.12892.0 SR6, or later, whichever corresponds to your support branch. This corrects the path traversal vulnerability.
CVE-2024-6789 is a vulnerability allowing authenticated users to read arbitrary files on M-Files Server versions before LTS 24.2.13421.15 SR2 and LTS 23.8.12892.0 SR6.
You are affected if you are running any M-Files Server version prior to LTS 24.2.13421.15 SR2 or LTS 23.8.12892.0 SR6. Check your installed version against the fixed version for your support branch.
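Because the fix shipped separately on three support branches, a single "is my version lower than X" comparison misclassifies patched LTS builds. The following added example (not code from the advisory or from M-Files) does the check per branch; it assumes the four-number build (e.g. 24.2.13421.15) uniquely identifies the service release, as the advisory's pairing of each SR with a build suggests, and the hostnames and builds in the sample inventory are constructed.

```python
from typing import Dict, Tuple

Version = Tuple[int, int, int, int]

# Earliest fixed build per support branch, as listed in the advisory.
# A branch is identified by the first two version components (e.g. 24.2).
FIXED_BUILDS: Dict[Tuple[int, int], Version] = {
    (24, 8): (24, 8, 13981, 0),   # 24.8.13981.0
    (24, 2): (24, 2, 13421, 15),  # LTS 24.2.13421.15 SR2
    (23, 8): (23, 8, 12892, 0),   # LTS 23.8.12892.0 SR6
}
OLDEST_FIXED_BRANCH = min(FIXED_BUILDS)


def parse_version(text: str) -> Version:
    """Turn '24.2.13421.15' or 'LTS 24.2.13421.15 SR2' into a 4-int tuple.
    'LTS' and 'SRn' are release labels; the numeric build identifies the fix."""
    parts = [t for t in text.replace(".", " ").split() if t.isdigit()]
    if len(parts) != 4:
        raise ValueError(f"unrecognised M-Files version string: {text!r}")
    return (int(parts[0]), int(parts[1]), int(parts[2]), int(parts[3]))


def cve_2024_6789_status(text: str) -> str:
    """Return 'vulnerable', 'fixed' or 'unknown-branch' for one server build.
    The comparison stays inside the build's own branch: a patched 23.8 SR6
    build is numerically lower than an unpatched 24.2 build, so a plain
    global comparison against one fixed version would misclassify it."""
    version = parse_version(text)
    branch = version[:2]
    if branch in FIXED_BUILDS:
        return "vulnerable" if version < FIXED_BUILDS[branch] else "fixed"
    if branch < OLDEST_FIXED_BRANCH:
        # Older than every fixed branch, hence prior to both fixed LTS
        # releases named in the advisory and unpatched.
        return "vulnerable"
    # A branch the advisory does not list (e.g. a newer release): do not
    # guess; confirm against the vendor advisory referenced on this page.
    return "unknown-branch"


if __name__ == "__main__":
    # Constructed sample inventory: hostnames and builds are made up.
    sample = {"mf-prod-01": "LTS 24.2.13421.15 SR2", "mf-prod-02": "24.2.13421.10",
              "mf-legacy": "23.8.12500.0", "mf-test": "24.8.13981.0"}
    for host, build in sample.items():
        print(f"{host}: {cve_2024_6789_status(build)}")
```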
Upgrade M-Files Server to LTS 24.2.13421.15 SR2 or a later version. Review release notes before upgrading.
There is currently no indication of active exploitation, but the vulnerability's nature suggests potential for exploitation.
Refer to the official M-Files security advisory for CVE-2024-6789 on the M-Files website.