CVE-2024-4461

CVSS V2 None CVSS V3 None

Description

Unquoted path or search item vulnerability in SugarSync versions prior to 4.1.3 for Windows. This misconfiguration could allow an unauthorized local user to inject arbitrary code into the unquoted service path, resulting in privilege escalation.

Overview

CVE ID
CVE-2024-4461

Assigner
INCIBE

Vulnerability Status
PUBLISHED

Published Version
2024-05-03T10:52:25.899Z

Last Modified Date
2024-06-06T19:49:54.155Z

Weakness Enumerations

CWE	URL
CWE-428	http://cwe.mitre.org/data/definitions/428.html

References

Reference URL	Reference Tags
https://www.incibe.es/en/incibe-cert/notices/aviso/unquoted-path-or-search-item-vulnerability-sugarsync

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-4461
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4461

History

Created	Old Value	New Value	Data Type	Notes
2024-06-23 22:15:23				Added to TrackCVE