Adobe Commerce Path Traversal Vulnerability Impacts Multiple Releases
CVE-2024-39406

6.8MEDIUM

Key Information:

Vendor: Adobe
Status: Adobe Commerce
Vendor: CVE Published:; 14 August 2024

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed.

Affected Version(s)

Adobe Commerce 0 <= 2.4.4-p9

References

https://helpx.adobe.com/security/products/magento/apsb24-...

vendor-advisory

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Aug 14, 2024
Vulnerability Reserved
Jun 24, 2024