CVE-2024-8262
Published: 03 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2024-8262 is an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability, classified under CWE-22, in Proliz Software OBS. It affects versions of OBS prior to 24.0927. The vulnerability has a CVSS v3.1 base score of 9.8 (Critical), reflecting network accessibility (AV:N), low attack complexity (AC:L), no required privileges (PR:N), no user interaction (UI:N), and high impacts on confidentiality (C:H), integrity (I:H), and availability (A:H).
Remote attackers require no authentication or privileges to exploit this path traversal flaw over the network. Successful exploitation allows arbitrary file read, write, or execution on the targeted system by manipulating pathnames to escape restricted directories, potentially leading to full system compromise.
Mitigation details are available in the advisory published by the Turkish National Cyber Incident Response Center (USOM) at https://www.usom.gov.tr/bildirim/tr-25-0049. Users should upgrade to OBS version 24.0927 or later to address the issue.
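The defect class behind CVE-2024-8262 is a file path built from request input without confining the result to the intended directory. The following is an added illustration, not code from Proliz Software or from the OBS product (whose internal file-handling API is not described in the advisory): it shows the containment check a web application should apply before opening any file named by a client. The base directory name, the sample file and the test inputs are constructed for the demo.

```python
import os
import tempfile
from pathlib import Path, PurePosixPath


def resolve_under_base(base_dir: str, user_path: str) -> Path:
    """Map an untrusted relative path onto base_dir, or raise ValueError.

    Two layers: a structural check (no NUL bytes, no absolute path, no '..'
    segment) and a physical one (the candidate is fully resolved, symlinks
    included, and must still sit inside the resolved base). The caller is
    assumed to have already URL-decoded user_path, as web frameworks do.
    """
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    base = Path(base_dir).resolve()
    # Treat backslashes as separators so 'a\\..\\b' cannot slip past on POSIX;
    # this is conservative (it also rejects filenames containing a backslash).
    rel = PurePosixPath(user_path.replace("\\", "/"))
    if rel.is_absolute() or ".." in rel.parts:
        raise ValueError(f"traversal or absolute path rejected: {user_path!r}")
    candidate = (base / rel).resolve()
    if candidate != base and base not in candidate.parents:
        raise ValueError(f"resolved outside base: {candidate}")
    return candidate


def is_contained(base_dir: str, user_path: str) -> bool:
    """True if user_path stays inside base_dir under resolve_under_base."""
    try:
        resolve_under_base(base_dir, user_path)
        return True
    except ValueError:
        return False


def demo() -> dict:
    """Exercise the check in a scratch directory; returns case name -> accepted."""
    base = tempfile.mkdtemp(prefix="traversal_demo_")  # constructed sandbox
    os.makedirs(os.path.join(base, "reports"))
    Path(base, "reports", "a.txt").write_text("constructed sample\n")
    # A symlink pointing above the base shows why string checks alone are not enough.
    try:
        os.symlink(os.path.dirname(base), os.path.join(base, "escape"))
        symlink_ok = True
    except OSError:
        symlink_ok = False
    cases = {
        "reports/a.txt": "reports/a.txt",          # legitimate request
        "dotdot": "../../etc/passwd",               # classic traversal
        "embedded": "reports/../../etc/passwd",     # traversal after a valid prefix
        "absolute": "/etc/passwd",                  # absolute path discards the base
        "backslash": "reports\\..\\..\\etc\\passwd",  # alternate separator
        "nul": "reports/a.txt\x00.png",             # NUL truncation trick
        "dot_segments": "./reports/./a.txt",        # harmless '.' segments
    }
    results = {name: is_contained(base, p) for name, p in cases.items()}
    if symlink_ok:
        results["symlink"] = is_contained(base, "escape/secret.txt")
    return results


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:14} -> {'accepted' if accepted else 'rejected'}")
```

Only the first and last constructed cases are accepted; every other form is rejected before any file is opened. Performing the check on the resolved path rather than on the raw string is what catches the symlink case, which a regex for `..` would miss.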
Details
- CWE(s): CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, 'Path Traversal')
- Affected Products: Proliz Software OBS, versions prior to 24.0927
- MITRE ATT&CK Enterprise Techniques: Exploit Public-Facing Application (T1190)
Why these techniques?
The path traversal vulnerability (CWE-22) in a publicly accessible application allows remote unauthenticated attackers to read, write, or execute arbitrary files, directly mapping to exploitation of public-facing applications for initial access and full system compromise.