CVE-2024-25156 — Path Traversal in Goanywhere Managed File Transfer

CWE-22 — Path Traversal2 documents2 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 51.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortra Goanywhere Managed File Transfer Fortra Goanywhere MFT

Timeline

PublishedMar 14

Description

A path traversal vulnerability exists in GoAnywhere MFT prior to 7.4.2 which allows attackers to circumvent endpoint-specific permission checks in the GoAnywhere Admin and Web Clients.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

▶NVDfortra/goanywhere_managed_file_transfer< 7.4.2

▶CVEListV5fortra/goanywhere_mft6.0.1 — 7.4.1

🔴Vulnerability Details

GHSA

GHSA-3xgg-p2vx-fw2j: A path traversal vulnerability exists in GoAnywhere MFT prior to 7↗2024-03-14

▶