Allegra unzipFile Directory Traversal Remote Code Execution Vulnerability
CVE-2023-51645

4.7MEDIUM

Key Information:

Vendor: Allegra
Status: Allegra
Vendor: CVE Published:; 22 November 2024

What is CVE-2023-51645?

The Allegra unzipFile method contains a vulnerability that permits attackers to execute arbitrary code through directory traversal. The flaw arises from inadequate validation of user-supplied paths before they are utilized in file operations. Although the exploitation of this vulnerability requires authentication, attackers can circumvent the authentication mechanism, making affected installations susceptible to remote code execution in the context of LOCAL SERVICE. This vulnerability highlights the critical need for robust input validation to prevent unauthorized access and code execution.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Allegra 7.5.0 build 29

References

https://www.zerodayinitiative.com/advisories/ZDI-24-101/

x_research-advisory

https://www.trackplus.com/en/service/release-notes-reader...

vendor-advisory

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2024
Vulnerability Reserved
Dec 20, 2023

JSON

Allegra