CVE-2024-0129

NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering.

CVSS v3 6.3 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.0 / Impact : 3.7

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5580	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:nvidia:nemo:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

No history.

Information

Published : 2024-10-15 06:15

Updated : 2024-11-08 15:33

NVD link : CVE-2024-0129

Mitre link : CVE-2024-0129

CVE.ORG link : CVE-2024-0129

JSON object : View

Products Affected

apple

macos

linux

linux_kernel

nvidia

nemo

microsoft

windows

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2024-0129", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@nvidia.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 2.0}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-10-15T06:15:02.520", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5580", "tags": ["Vendor Advisory"], "source": "psirt@nvidia.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@nvidia.com", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering."}, {"lang": "es", "value": "NVIDIA NeMo contiene una vulnerabilidad en SaveRestoreConnector que puede provocar un problema de path traversal mediante una extracci\u00f3n de archivo .tar no segura. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar la ejecuci\u00f3n de c\u00f3digo y la manipulaci\u00f3n de datos."}], "lastModified": "2024-11-08T15:33:26.137", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:nemo:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03A6D747-9870-4E4F-A536-D441B634AF25", "versionEndIncluding": "r2.0.0rc0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@nvidia.com"}