Path Injection Vulnerability in Logpoint Software
CVE-2024-33858

Currently unrated

Key Information:

Vendor: Logpoint
Status: Logpoint Software
Vendor: CVE Published:; 7 May 2024

What is CVE-2024-33858?

A path injection vulnerability exists in Logpoint software prior to version 7.4.0, allowing attackers to manipulate the source_name parameter when adding a CSV enrichment source. This manipulation can lead to the writing of CSV files to arbitrary paths within the /tmp directory, posing a significant risk of file system compromise. Organizations utilizing affected versions should assess their exposure and implement the necessary patches to mitigate this potential security threat.

References

https://www.logpoint.com/

https://servicedesk.logpoint.com/hc/en-us/articles/185336...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2024
Vulnerability Reserved
Apr 27, 2024