CVE-2024-5262 – github.com/projectdiscovery/interactsh

Package

Manager: go
Name: github.com/projectdiscovery/interactsh
Vulnerable Version: >=0 <1.2.0

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00436 pctl0.62126

Details

Files or Directories Accessible to External Parties in ProjectDiscovery Files or Directories Accessible to External Parties vulnerability in smb server in ProjectDiscovery Interactsh allows remote attackers to read/write any files in the directory and subdirectories of where the victim runs interactsh-server via anonymous login.

Metadata

Created: 2024-06-05T06:30:39Z
Modified: 2024-06-17T15:21:34Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-q5mg-pc7r-r8cr/GHSA-q5mg-pc7r-r8cr.json
CWE IDs: ["CWE-552"]
Alternative ID: GHSA-q5mg-pc7r-r8cr
Finding: F123
Auto approve: 1