CVE-2024-38646

CWE-732Incorrect Permission Assignment4 documents4 sources
Severity
8.4HIGH
EPSS
0.1%
top 82.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems Inc. Notes Station 3Qnap Notes Station 3
Timeline
PublishedNov 22

Description

An incorrect permission assignment for critical resource vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow local authenticated attackers who have gained administrator access to read or modify the resource. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H

Affected Packages2 packages

NVDqnap/notes_station_33.9.03.9.7
CVEListV5qnap_systems_inc./notes_station_33.9.x3.9.7

🔴Vulnerability Details

2
GHSA
GHSA-4fhq-hj5g-3c47: An incorrect permission assignment for critical resource vulnerability has been reported to affect Notes Station 32024-11-22
CVEList
Notes Station 32024-11-22
CVE-2024-38646 (HIGH CVSS 8.4) | An incorrect permission assignment | cvebase.io