CVE-2024-30187 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
mitre	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 19%

Vendor	Product	Version
anope	anope	𝑥 < 2.0.15

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

anope

bullseye	no-dsa
bookworm	no-dsa
buster	postponed
trixie	2.0.17-1 fixed
forky	2.0.17-1.1 fixed
sid	2.0.17-1.1 fixed

Ubuntu Releases

Ubuntu Product

Codename

anope

noble	Fixed 2.0.12-1ubuntu1 released
mantic	Fixed 2.0.12-1ubuntu0.23.10.1 released
jammy	Fixed 2.0.9-1ubuntu0.1 released
focal	Fixed 2.0.6-1ubuntu0.1 released
bionic	Fixed 2.0.4-2ubuntu0.1~esm1 released
xenial	Fixed 2.0.3-1ubuntu0.1~esm1 released

Known Exploits!

Common Weakness Enumeration

CWE-281 - Improper Preservation of Permissions
The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References

https://github.com/anope/anope/commit/2b7872139c40ea5b0ca96c1d6595b7d5f9fa60a5

https://github.com/anope/anope/issues/351

https://github.com/anope/anope/commit/2b7872139c40ea5b0ca96c1d6595b7d5f9fa60a5

https://github.com/anope/anope/issues/351