CVE-2024-30187 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA-ADP	ADP	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 19%

Affected Products (NVD)

Vendor	Product	Version
anope	anope	𝑥 < 2.0.15

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

anope

bookworm	no-dsa
bullseye	no-dsa
buster	postponed
forky	2.0.17-1.1 fixed
sid	2.0.17-1.1 fixed
trixie	2.0.17-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

anope

bionic	Fixed 2.0.4-2ubuntu0.1~esm1 released
focal	Fixed 2.0.6-1ubuntu0.1 released
jammy	Fixed 2.0.9-1ubuntu0.1 released
mantic	Fixed 2.0.12-1ubuntu0.23.10.1 released
noble	Fixed 2.0.12-1ubuntu1 released
xenial	Fixed 2.0.3-1ubuntu0.1~esm1 released

Known Exploits!

Common Weakness Enumeration

CWE-281 - Improper Preservation of Permissions
The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References

https://github.com/anope/anope/commit/2b7872139c40ea5b0ca96c1d6595b7d5f9fa60a5

https://github.com/anope/anope/issues/351

https://github.com/anope/anope/commit/2b7872139c40ea5b0ca96c1d6595b7d5f9fa60a5

https://github.com/anope/anope/issues/351