CVE-2024-2045 (GCVE-0-2024-2045)
Vulnerability from cvelistv5 – Published: 2024-02-29 23:37 – Updated: 2025-05-19 16:56
VLAI?
Title
Session 1.17.5 - LFR via chat attachment
Summary
Session version 1.17.5 allows obtaining internal application files and public
files from the user's device without the user's consent. This is possible
because the application is vulnerable to Local File Read via chat attachments.
Severity ?
5.5 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:opft:session:1.17.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "session",
"vendor": "opft",
"versions": [
{
"status": "affected",
"version": "1.17.5"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2045",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T18:55:34.971070Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T17:52:53.454Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:03:37.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://fluidattacks.com/advisories/newman/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/oxen-io/session-android/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Session",
"vendor": "Session",
"versions": [
{
"status": "affected",
"version": "1.17.5"
}
]
}
],
"datePublic": "2024-02-29T23:33:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eSession version 1.17.5 allows obtaining internal application files and public\u003c/div\u003e\u003cdiv\u003efiles from the user\u0027s device without the user\u0027s consent. This is possible\u003c/div\u003e\u003cdiv\u003ebecause the application is vulnerable to Local File Read via chat attachments.\u003c/div\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "Session version 1.17.5 allows obtaining internal application files and public\n\nfiles from the user\u0027s device without the user\u0027s consent. This is possible\n\nbecause the application is vulnerable to Local File Read via chat attachments."
}
],
"impacts": [
{
"capecId": "CAPEC-131",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-131 Resource Leak Exposure"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T16:56:56.891Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"url": "https://fluidattacks.com/advisories/newman/"
},
{
"url": "https://github.com/oxen-io/session-android/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Session 1.17.5 - LFR via chat attachment",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2024-2045",
"datePublished": "2024-02-29T23:37:37.339Z",
"dateReserved": "2024-02-29T23:31:27.739Z",
"dateUpdated": "2025-05-19T16:56:56.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-2045\",\"sourceIdentifier\":\"help@fluidattacks.com\",\"published\":\"2024-03-01T00:15:52.493\",\"lastModified\":\"2025-05-19T17:15:22.250\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Session version 1.17.5 allows obtaining internal application files and public\\n\\nfiles from the user\u0027s device without the user\u0027s consent. This is possible\\n\\nbecause the application is vulnerable to Local File Read via chat attachments.\"},{\"lang\":\"es\",\"value\":\"La versi\u00f3n de sesi\u00f3n 1.17.5 permite obtener archivos de aplicaciones internas y archivos p\u00fablicos del dispositivo del usuario sin el consentimiento del usuario. Esto es posible porque la aplicaci\u00f3n es vulnerable a la lectura de archivos locales a trav\u00e9s de archivos adjuntos del chat.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"help@fluidattacks.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"help@fluidattacks.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opft:session:1.17.5:*:*:*:*:android:*:*\",\"matchCriteriaId\":\"E955A49B-FF35-4AC4-AD90-E7F17EE69811\"}]}]}],\"references\":[{\"url\":\"https://fluidattacks.com/advisories/newman/\",\"source\":\"help@fluidattacks.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/oxen-io/session-android/\",\"source\":\"help@fluidattacks.com\",\"tags\":[\"Product\"]},{\"url\":\"https://fluidattacks.com/advisories/newman/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/oxen-io/session-android/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://fluidattacks.com/advisories/newman/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/oxen-io/session-android/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T19:03:37.761Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-2045\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-03-06T18:55:34.971070Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:opft:session:1.17.5:*:*:*:*:*:*:*\"], \"vendor\": \"opft\", \"product\": \"session\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.17.5\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-26T17:52:48.405Z\"}}], \"cna\": {\"title\": \"Session 1.17.5 - LFR via chat attachment\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"impacts\": [{\"capecId\": \"CAPEC-131\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-131 Resource Leak Exposure\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Session\", \"product\": \"Session\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.17.5\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2024-02-29T23:33:00.000Z\", \"references\": [{\"url\": \"https://fluidattacks.com/advisories/newman/\"}, {\"url\": \"https://github.com/oxen-io/session-android/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Session version 1.17.5 allows obtaining internal application files and public\\n\\nfiles from the user\u0027s device without the user\u0027s consent. This is possible\\n\\nbecause the application is vulnerable to Local File Read via chat attachments.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cdiv\u003e\u003cdiv\u003eSession version 1.17.5 allows obtaining internal application files and public\u003c/div\u003e\u003cdiv\u003efiles from the user\u0027s device without the user\u0027s consent. This is possible\u003c/div\u003e\u003cdiv\u003ebecause the application is vulnerable to Local File Read via chat attachments.\u003c/div\u003e\u003c/div\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"84fe0718-d6bb-4716-a7e8-81a6d1daa869\", \"shortName\": \"Fluid Attacks\", \"dateUpdated\": \"2025-05-19T16:56:56.891Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-2045\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-19T16:56:56.891Z\", \"dateReserved\": \"2024-02-29T23:31:27.739Z\", \"assignerOrgId\": \"84fe0718-d6bb-4716-a7e8-81a6d1daa869\", \"datePublished\": \"2024-02-29T23:37:37.339Z\", \"assignerShortName\": \"Fluid Attacks\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…