CVE-2024-1076 Vulnerability Details

  /     /     /  

CVE-2024-1076 Metadata Quick Info

CVE Published: 08/05/2024 | CVE Updated: 30/08/2024 | CVE Year: 2024
Source: WPScan | Vendor: Unknown | Product: SSL Zen
Status : PUBLISHED

---

CVE-2024-1076 Description

The SSL Zen WordPress plugin before 4.6.0 does not properly prevent directory listing of the private keys folder, as it only relies on the use of .htaccess to prevent visitors from accessing the site\'s generated private keys, which allows an attacker to read them if the site runs on a server who doesn\'t support .htaccess files, like NGINX.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: CWE-548 Exposure of Information Through Directory Listing
Source: Unknown

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).