Adobe Commerce Path Traversal Vulnerability Impacts Multiple Releases

CVE-2024-39406

6.8MEDIUM

Key Information

Vendor: Adobe
Status: Adobe Commerce
Vendor: CVE Published:; 14 August 2024

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed.

Affected Version(s)

Adobe Commerce <= 2.4.4-p9

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published.
Aug 14, 2024
Vulnerability Reserved.
Jun 24, 2024

Collectors

NVD DatabaseMitre Database