DNA View

CVE-2024-6789

Medium

Low Medium High Critical

6.5

CVSS Score

Published: Aug 27, 2024

Last Modified: Feb 23, 2026

CWE: CWE-22

Vulnerability Description

A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 and LTS 24.2.13421.15 SR2 and LTS 23.8.12892.0 SR6 allows authenticated user to read files

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

References & Resources

Severity Details

6.5

out of 10.0

Medium

Weakness Type (CWE)

CWE-22 Top 25 #6

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can…
Exploit Likelihood: High
Typical Severity: High
OWASP Top 10: A01:2021-Broken Access Control
Abstraction Level: Base