CVE-2024-47531 Vulnerability Details


CVE-2024-47531 Metadata Quick Info

CVE Published: 30/09/2024 | CVE Updated: 30/09/2024 | CVE Year: 2024
Source: GitHub_M | Vendor: Clinical-Genomics | Product: scout
Status: PUBLISHED

CVE-2024-47531 Description

Scout is a web-based visualizer for VCF-files. Due to the lack of sanitization in the filename, it is possible to bypass the intended file extension and make users download malicious files with any extension. Malicious content injected into the file data, which users unknowingly download and open, may lead to the compromise of users' devices or data. This vulnerability is fixed in 4.89.

Metrics

CVSS Version: 3.1 | Base Score: 4.6 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Exploitability Metrics:
    Attack Vector (AV): NETWORK
    Attack Complexity (AC): LOW
    Privileges Required (PR): LOW
    User Interaction (UI): REQUIRED
    Scope (S): UNCHANGED

Impact Metrics:
    Confidentiality Impact (C): LOW
    Integrity Impact (I): LOW
    Availability Impact (A): NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-116
CWE Name: CWE-116: Improper Encoding or Escaping of Output
Source: Clinical-Genomics


Source: NVD (National Vulnerability Database).