CVE-2024-48651 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitre	CNA	---				---
CISA-ADP	ADP	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 47%

Debian Releases

Debian Product

Codename

proftpd-dfsg

bullseye	vulnerable
bullseye (security)	1.3.7a+dfsg-12+deb11u5 fixed
bookworm	1.3.8+dfsg-4+deb12u4 fixed
bookworm (security)	1.3.8+dfsg-4+deb12u4 fixed
sid	1.3.8.c+dfsg-4 fixed
trixie	1.3.8.c+dfsg-4 fixed

Ubuntu Releases

Ubuntu Product

Codename

proftpd-dfsg

plucky	not-affected
oracular	Fixed 1.3.8.b+dfsg-2ubuntu1.24.10.1 released
noble	Fixed 1.3.8.b+dfsg-1ubuntu0.1 released
jammy	Fixed 1.3.7c+dfsg-1ubuntu0.1 released
focal	Fixed 1.3.6c-2ubuntu0.1 released
bionic	not-affected
xenial	not-affected

Common Weakness Enumeration

CWE-863 - Incorrect Authorization
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References

https://github.com/proftpd/proftpd/commit/cec01cc0a2523453e5da5a486bc6d977c3768db1

https://github.com/proftpd/proftpd/issues/1830