Detections
Analytics

CVE-2024-47071

medium

Description

OSS Endpoint Manager is an endpoint manager module for FreePBX. OSS Endpoint Manager module activation can allow authenticated web users unauthorized access to read system files with the permissions of the webserver process. This vulnerability is fixed in 14.0.4.

References

https://github.com/FreePBX/security-reporting/security/advisories/GHSA-x9wc-qjrc-j7ww

https://github.com/FreePBX-ContributedModules/endpointman/commit/bad70ca3de2166bbd24f273f7f212a8b2c92a719

Details

Source: Mitre, NVD

Published: 2024-10-01

Updated: 2024-10-04

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

Severity: Medium