Security Advisory

CVE-2024-54453

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-12-27 00:00:00
Last updated 2024-12-31 18:38:06
Assigner mitre
State PUBLISHED

Description

An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15. A path traversal vulnerability in the DocServlet servlet allows remote attackers to retrieve any file from the Kurmi web application installation folder, e.g., files such as the obfuscated and/or compiled Kurmi source code.