CVE-2024-32399
Published: 22 April 2024
Summary
CVE-2024-32399 is a high-severity Path Traversal (CWE-22) vulnerability. Its CVSS base score is 7.6 (High).
Operationally, it ranks in the top 0.7% of CVEs by exploit likelihood, but it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-32399 is a directory traversal vulnerability, tracked as CWE-22, that affects RaidenMAILD Mail Server versions 4.9.4 and earlier. The flaw resides in the /webeditor/ component and permits remote attackers to access sensitive files on the server.
An attacker with low-privileged network access can exploit the issue by sending a crafted request that traverses directories, resulting in disclosure of sensitive information. The CVSS 3.1 vector AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L indicates that successful exploitation can produce high confidentiality and integrity impact with limited availability consequences, though user interaction is required.
Public references consist of GitHub repositories containing proof-of-concept material; no vendor advisory or patch information is provided in the available sources. The EPSS score is currently 0.8351, with a recorded peak of 0.8526, indicating sustained exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-30217
Vulnerability details
Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component.
- CWE(s): CWE-22
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Validates pathnames and filenames to prevent traversal outside intended directories.
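As an added, defender-side illustration of the control above (this is not RaidenMAILD code; the on-disk root, the function names and the sample requests are assumptions constructed for this example), the following Python shows a containment check for a path requested under a web-served directory, including the decoding and separator cases such a check has to cover:

```python
import os
from typing import Optional
from urllib.parse import unquote

# Assumed on-disk directory backing the /webeditor/ URL prefix (constructed for this
# example; the real server layout is not described in the advisory).
WEB_ROOT = os.path.abspath("/srv/webeditor")


def resolve_under_root(requested: str, root: str = WEB_ROOT) -> Optional[str]:
    """Map a client-supplied path under /webeditor/ to an on-disk path.

    Returns None (the request should be refused and logged) when the path tries
    to escape ``root``. The checks are:
      1. percent-decode twice, so '%2e%2e' and double-encoded '%252e%252e' are seen;
      2. refuse embedded NUL bytes, which can truncate the path in native code;
      3. treat backslashes as separators, since Windows file APIs accept both;
      4. refuse any '..' segment outright rather than silently clamping it;
      5. as defence in depth, confirm the absolute result still has ``root`` as prefix.
    """
    decoded = unquote(unquote(requested))
    if "\x00" in decoded:
        return None
    segments = [s for s in decoded.replace("\\", "/").split("/") if s not in ("", ".")]
    if any(s == ".." for s in segments):
        return None
    candidate = os.path.abspath(os.path.join(root, *segments))
    if candidate != root and not candidate.startswith(root + os.sep):
        return None
    return candidate


def triage(paths):
    """Split request paths into (allowed, refused) lists for review or alerting."""
    allowed, refused = [], []
    for p in paths:
        (allowed if resolve_under_root(p) else refused).append(p)
    return allowed, refused


if __name__ == "__main__":
    # Constructed sample requests, not taken from any real log.
    sample = ["index.html", "img/logo.png", "../../etc/passwd",
              "..%2f..%2fetc%2fpasswd", "%252e%252e/config.ini",
              "..\\..\\boot.ini", "a%00.txt"]
    ok, bad = triage(sample)
    print("allowed:", ok)
    print("refused:", bad)
```

Refused paths are worth logging with the raw request string, since the encoded forms are what a detection rule on the web server log will actually see.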