CVSS: 8.2 | EPSS: 0% | CPEs: 10 | EXPL: 0
CVE-2024-21545
https://notcve.org/view.php?id=CVE-2024-21545
24 Sep 2024 — Proxmox Virtual Environment is an open-source server management platform for enterprise virtualization. Insufficient safeguards against malicious API response values allow authenticated attackers with 'Sys.Audit' or 'VM.Monitor' privileges to download arbitrary host files via the API. When handling the result from a request handler before returning it to the user, the handle_api2_request function will check for the 'download' or 'data'->'download' objects inside the request handler call response object. If ...
• https://forum.proxmox.com/threads/proxmox-virtual-environment-security-advisories.149331/post-705345
• CWE-73: External Control of File Name or Path