CVE-2024-4836
CVSS V2 None
CVSS V3 None
Description
Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthenticated user.
The issue in versions 3.5 - 3.25 was removed in releases which dates from 10th of January 2014. Higher versions were never affected.
Overview
- CVE ID
- CVE-2024-4836
- Assigner
- CERT-PL
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-07-02T08:44:05.732Z
- Last Modified Date
- 2024-07-02T18:18:27.772Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://www.edito.pl/ | product |
| https://cert.pl/en/posts/2024/07/CVE-2024-4836 | third-party-advisory |
| https://cert.pl/posts/2024/07/CVE-2024-4836 | third-party-advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-4836 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4836 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-07-03 13:04:36 | Added to TrackCVE |