Vulnerability Details CVE-2024-33858
An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while adding a CSV enrichment source. The source_name parameter could be changed to an absolute path; this will write the CSV file to that path inside the /tmp directory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.7%
CVSS Severity
CVSS v3 Score 5.3
References
- https://servicedesk.logpoint.com/hc/en-us/articles/18533668045725-Path-Injection-on-Enrichment-Sources-leading-to-arbitrary-file-write-in-tmp-folder
- https://www.logpoint.com/
- https://servicedesk.logpoint.com/hc/en-us/articles/18533668045725-Path-Injection-on-Enrichment-Sources-leading-to-arbitrary-file-write-in-tmp-folder
- https://www.logpoint.com/
Products affected by CVE-2024-33858
-
cpe:2.3:a:logpoint:siem:6.10.0
-
cpe:2.3:a:logpoint:siem:7.1.0
-
cpe:2.3:a:logpoint:siem:7.1.1
-
cpe:2.3:a:logpoint:siem:7.1.2
-
cpe:2.3:a:logpoint:siem:7.3.0