CVE-2024-34525

Exploit

EPSS 0.03%
Veröffentlicht 06.05.2024 00:15:10
Zuletzt bearbeitet 25.11.2025 19:48:13
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

FileCodeBox 2.0 stores a OneDrive password and AWS key in a cleartext env file.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Lanol ≫ Filecodebox Version2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.063

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	1.8	3.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-591 Sensitive Data Storage in Improperly Locked Memory

The product stores sensitive data in memory that is not locked, or that has been incorrectly locked, which might cause the memory to be written to swap files on disk by the virtual memory manager. This can make the data more accessible to external actors.

https://github.com/vastsa/FileCodeBox/issues/133

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2024-34525

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-34525

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-34525

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-34525