CVE-2024-47515

{"id": "CVE-2024-47515", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2024-12-24T04:15:05.750", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-47515", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2315806", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-61"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Pagure. Support of symbolic links during repository archiving of repositories allows the disclosure of local files. This flaw allows a malicious user to take advantage of the Pagure instance."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Pagure. El soporte de enlaces simb\u00f3licos durante el archivado de repositorios permite la divulgaci\u00f3n de archivos locales. Esta falla permite que un usuario malintencionado aproveche la instancia de Pagure."}], "lastModified": "2025-02-06T09:15:11.257", "sourceIdentifier": "secalert@redhat.com"}