CVE-2024-49082
published 2024-12-12
CVE-2024-49082: Windows File Explorer Information Disclosure Vulnerability
medium 6.8 CVSS 3.1
AV:N AC:H PR:N UI:R S:U C:H I:H A:N
Windows File Explorer Information Disclosure Vulnerability
Affected
47 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1507 | < 10.0.10240.20857 | 10.0.10240.20857 |
| microsoft | windows_10_1607 | < 10.0.14393.7606 | 10.0.14393.7606 |
| microsoft | windows_10_1809 | < 10.0.17763.6659 | 10.0.17763.6659 |
| microsoft | windows_10_21h2 | < 10.0.19044.5247 | 10.0.19044.5247 |
| microsoft | windows_10_22h2 | < 10.0.19045.5247 | 10.0.19045.5247 |
| microsoft | windows_10_version_1507 | >= 10.0.10240.0 < 10.0.10240.20857 | 10.0.10240.20857 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.7606 | 10.0.14393.7606 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.6659 | 10.0.17763.6659 |
| microsoft | windows_10_version_21h2 | >= 10.0.19043.0 < 10.0.19044.5247 | 10.0.19044.5247 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.5247 | 10.0.19045.5247 |
| microsoft | windows_11_22h2 | < 10.0.22621.4602 | 10.0.22621.4602 |
| microsoft | windows_11_23h2 | < 10.0.22631.4602 | 10.0.22631.4602 |
| microsoft | windows_11_24h2 | < 10.0.26100.2605 | 10.0.26100.2605 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.4602 | 10.0.22621.4602 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.4602 | 10.0.22631.4602 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.4602 | 10.0.22631.4602 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.2605 | 10.0.26100.2605 |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.7601.0 < 6.1.7601.27467 | 6.1.7601.27467 |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.6003.0 < 6.0.6003.23016 | 6.0.6003.23016 |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.9200.0 < 6.2.9200.25222 | 6.2.9200.25222 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.22318 | 6.3.9600.22318 |
| microsoft | windows_server_2016 | < 10.0.14393.7606 | 10.0.14393.7606 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.7606 | 10.0.14393.7606 |
CVSS provenance
nvd v3.1 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
osv 7.5 HIGH
OSV
python-aiohttp vulnerabilities
osv · 2025-07-17 · CVSS 7.5
CVE-2023-47627 python-aiohttp vulnerabilities
Ben Kallus discovered that AIOHTTP did not correctly parse HTTP
headers. A remote attacker could possibly use this issue to perform
request smuggling. This issue only affected Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2023-47627)
Ivan Novikov discovered that AIOHTTP did not properly validate certain
inputs. A remote attacker could possibly use this issue to perform request
smuggling. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2023-49081, CVE-2023-49082)
Paul J. Dorn discovered that AIOHTTP did not properly validate certain
inputs. A remote attacker could possibly use this issue to perform request
smuggling. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and
Ubuntu 24.04 LTS. (CVE-2024-23829)
Takes
GHSA
GHSA-67jv-gxg5-rmq6: Windows File Explorer Information Disclosure Vulnerability
ghsa_unreviewed · 2024-12-12
CVE-2024-49082 [MEDIUM] CWE-22 GHSA-67jv-gxg5-rmq6: Windows File Explorer Information Disclosure Vulnerability
Microsoft
Windows File Explorer Information Disclosure Vulnerability
vendor_msrc · 2024-12-10 · CVSS 6.8
CVE-2024-49082 [MEDIUM] CWE-22 Windows File Explorer Information Disclosure Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?
An unauthorized attacker must wait for a user to initiate a connection.
FAQ: What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of the user's folders and personal data.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires multiple conditions to be met, such as specific application behavior, user actions, manipulation of para
No detection rules found.
No public exploits indexed.
Published 2024-12-12