What is the severity of CVE-2024-23768?

CVE-2024-23768 is categorized as a medium severity vulnerability due to the potential for unauthorized access to files and datasets.

How do I fix CVE-2024-23768?

To fix CVE-2024-23768, upgrade Dremio to version 24.3.1 or later to eliminate the path traversal vulnerability.

Who is affected by CVE-2024-23768?

CVE-2024-23768 affects Dremio versions before 24.3.1, specifically versions 22.2.3 and below, as well as 23.2.4 and below.

What kind of access does an attacker need for CVE-2024-23768?

An attacker needs to be an authenticated user with access to the source and at least one folder in the source to exploit CVE-2024-23768.

What are the implications of CVE-2024-23768?

The implications of CVE-2024-23768 include the risk of unauthorized access to sensitive files and datasets by users lacking proper privileges.

Vulnerability/
CVE-2024-23768

high

8.8

CWE

EPSS

0.049%

22/1/2024

1/8/2024

CVE-2024-23768: Path Traversal

First published: Mon Jan 22 2024(Updated: )

Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders (and the files and datasets in these folders) can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one folder in the source. Affected versions are: 24.0.0 through 24.3.0, 23.0.0 through 23.2.3, and 22.0.0 through 22.2.2. Fixed versions are: 24.3.1 and later, 23.2.4 and later, and 22.2.3 and later.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Dremio	>=22.0.0<22.2.3
Dremio	>=23.0.0<23.2.4
Dremio	>=24.0.0<24.3.1

Never miss a vulnerability like this again

Reference Links

https://docs.dremio.com/current/reference/bulletins/2024-01-12-01

Frequently Asked Questions

What is the severity of CVE-2024-23768?
CVE-2024-23768 is categorized as a medium severity vulnerability due to the potential for unauthorized access to files and datasets.
How do I fix CVE-2024-23768?
To fix CVE-2024-23768, upgrade Dremio to version 24.3.1 or later to eliminate the path traversal vulnerability.
Who is affected by CVE-2024-23768?
CVE-2024-23768 affects Dremio versions before 24.3.1, specifically versions 22.2.3 and below, as well as 23.2.4 and below.
What kind of access does an attacker need for CVE-2024-23768?
An attacker needs to be an authenticated user with access to the source and at least one folder in the source to exploit CVE-2024-23768.
What are the implications of CVE-2024-23768?
The implications of CVE-2024-23768 include the risk of unauthorized access to sensitive files and datasets by users lacking proper privileges.

agent/references
agent/first-publish-date
agent/type
agent/description
agent/severity
agent/author
agent/event
agent/softwarecombine
collector/epss-latest
source/FIRST
agent/epss
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/dremio
canonical/dremio
version/dremio/22.0.0
version/dremio/23.0.0
version/dremio/24.0.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.