CVE-2024-34015

Sensitive information disclosure during file browsing due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

V3 Legend

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://security-advisory.acronis.com/advisories/SEC-7601

Configurations

No configuration.

History

27 Feb 2025, 23:15

Type	Values Removed	Values Added
Summary	~~(en) Sensitive information disclosure during file browsing due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 818.~~	(en) Sensitive information disclosure during file browsing due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892.

Information

Published : 2024-11-11 14:15

Updated : 2025-02-27 23:15

NVD link : CVE-2024-34015

Mitre link : CVE-2024-34015

CVE.ORG link : CVE-2024-34015

JSON object : View

Products Affected

No product.

CWE

CWE-61

UNIX Symbolic Link (Symlink) Following

3.3 /10