Allegra saveFile Directory Traversal Remote Code Execution Vulnerability
CVE-2023-52333

7.3HIGH

Key Information:

Vendor: Allegra
Status: Allegra
Vendor: CVE Published:; 22 November 2024

What is CVE-2023-52333?

A directory traversal vulnerability has been identified within the saveFile method of Allegra. This flaw arises from insufficient validation of user-supplied paths, allowing attackers with valid authentication to manipulate file operations. By exploiting this vulnerability, a remote attacker can execute arbitrary code with the privileges of the LOCAL SERVICE account. This poses significant security risks as it may lead to unauthorized operations on affected systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Allegra 7.5.0 build 29

References

https://www.zerodayinitiative.com/advisories/ZDI-24-104/

x_research-advisory

https://www.trackplus.com/en/service/release-notes-reader...

vendor-advisory

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2024
Vulnerability Reserved
Jan 11, 2024

JSON

Allegra