Logo
Resources
Documentation Portal Ideas Portal Logpoint Academy License Portal
Resources
Documentation Portal Ideas Portal Logpoint Academy License Portal
Sign in
  1. Logpoint Service Desk
  2. Products Hub
  3. Product Security

Path Injection  on Enrichment Sources leading to arbitrary file write in /tmp folder

Avatar Rushmi Bhuju
February 04, 2025 08:41
Follow

Advisory ID: LVD-2024-0006

CVSSv 3.1 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSSv 3.1 Base Score: 4.3

Severity: Medium

CVE: CVE-2024-33858

CWE: CWE-73

Date Published: 2024-04-30

Description:

A path injection vulnerability is seen while adding a CSV enrichment source. The source_name parameter could be changed to an absolute path; this will write the CSV file to that path inside the /tmp directory.

Affected Product:

Logpoint versions before 7.4.0 

Solution:

Upgrade to Logpoint v7.4.0

Acknowledgments: -

 

 

Comments

Article is closed for comments.

Related articles

  • Server Side Request Forgery (SSRF) on Threat Intelligence
  • XSS in "Interesting Fields" in Logpoint Web UI
  • Template injection in Search Template
  • Arbitrary file deletion through URL Injection to SAML SSO-URL Response
  • DUO Security
Was this article helpful?
0 out of 0 found this helpful
Privacy policy    EULA    Terms of service   
Copyright © , Logpoint. All rights reserved.

Note: We use cookies that are essential for the smooth functioning of our website.