CVE-2023-5079: Input Validation
First published: Wed Nov 08 2023(Updated: )
Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <7.0.25.99 |
Remedy
Update the application to version 7.0.25.99 or later.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of the Lenovo LeCloud App vulnerability?
The vulnerability ID is CVE-2023-5079.
What is the severity rating of CVE-2023-5079?
The severity rating of CVE-2023-5079 is high.
What is the affected software?
The affected software is Lenovo LeCloud App.
How does the Lenovo LeCloud App vulnerability allow attackers to access arbitrary components and arbitrary file downloads?
The vulnerability allows attackers to exploit improper input validation, which leads to unauthorized access to components and file downloads.
Is there a fix available for CVE-2023-5079?
Yes, Lenovo has released a fix for the vulnerability. It is recommended to update to the latest version of Lenovo LeCloud App.
- agent/type
- agent/first-publish-date
- agent/references
- agent/author
- agent/weakness
- agent/remedy
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/tags
- agent/source
- vendor/lenovo
- canonical/lenovo lecloud