CVE-2024-52055 | THREATINT

Description

Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to read any file on the file system if the target directory contains an XML definition file.

PUBLISHED Reserved 2024-11-05 | Published 2024-11-21 | Updated 2024-11-21 | Assigner rapid7

HIGH: 8.2CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status

unaffected

4.3.0 (cpe) before 4.9.1

affected

References

www.wowza.com/.../wowza-streaming-engine-4-9-1-release-notes

www.rapid7.com/...abilities-in-wowza-streaming-engine-fixed/

cve.org (CVE-2024-52055)

nvd.nist.gov (CVE-2024-52055)

Download JSON