CVE-2024-29964 — Incorrect Permission Assignment in Brocade Sannav

CWE-732 — Incorrect Permission Assignment CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

6.5MEDIUMNVD

CNA5.7

EPSS

0.2%

top 54.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Brocade Sannav Brocade Sannav

Timeline

PublishedApr 19

Description

Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDbroadcom/brocade_sannav< 2.3.0a

▶CVEListV5brocade/brocade_sannavbefore v2.3.0a

🔴Vulnerability Details

CVEList

Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files↗2024-04-19

▶

GHSA

GHSA-p68r-f2j8-7389: Docker instances in Brocade SANnav before v2↗2024-04-19

▶