CVSS: 9.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49360 – Path traversal in Sandboxie
https://notcve.org/view.php?id=CVE-2024-49360
29 Nov 2024 — Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. An authenticated user (**UserA**) with no privileges is authorized to read all files created in sandbox belonging to other users in the sandbox folders `C:\Sandbox\UserB\xxx`. An authenticated attacker who can use `explorer.exe` or `cmd.exe` outside any sandbox can read other users' files in `C:\Sandbox\xxx`. By default in Windows 7+, the `C:\Users\UserA` folder is not readable by **UserB**. All files e... • https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-4chj-3c28-gvmp • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •