CVE-2024-47071
- Source
- https://cve.org/CVERecord?id=CVE-2024-47071
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47071.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-47071
- Aliases
-
- GHSA-x9wc-qjrc-j7ww
- Published
- 2024-10-01T15:40:46.257Z
- Modified
- 2026-04-10T05:18:04.399686Z
- Severity
-
- 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N CVSS Calculator
- Summary
- OSS Endpoint Manager allows unauthorized access to read system files
- Details
-
OSS Endpoint Manager is an endpoint manager module for FreePBX. OSS Endpoint Manager module activation can allow authenticated web users unauthorized access to read system files with the permissions of the webserver process. This vulnerability is fixed in 14.0.4.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-22" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47071.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47071.json
- https://github.com/FreePBX/security-reporting/security/advisories/GHSA-x9wc-qjrc-j7ww
- https://nvd.nist.gov/vuln/detail/CVE-2024-47071
- https://github.com/FreePBX-ContributedModules/endpointman/commit/bad70ca3de2166bbd24f273f7f212a8b2c92a719
Affected packages
Git / github.com/freepbx-contributedmodules/endpointman
Affected ranges
- Type
- GIT
- Repo
- https://github.com/freepbx-contributedmodules/endpointman
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
release/1.*
release/1.9.9
release/13.*
release/13.0.1
release/13.0.2
release/13.0.3
release/13.0.4
release/13.0.5
release/13.0.6.2
release/13.0.6.5
release/13.0.6.6
release/13.0.6.7
release/13.0.7.11
release/13.0.7.12
release/13.0.7.13
release/13.0.7.14
release/13.0.7.15
release/13.0.7.16
release/13.0.7.17
release/13.0.7.18
release/14.*
release/14.0.0.1
release/14.0.0.6
release/14.0.1.1
release/14.0.1.2
release/14.0.1.8
release/14.0.2.1
release/14.0.3
release/2.*
release/2.0.0
release/2.11.10
release/2.11.11
release/2.11.12
release/2.11.5.0
release/2.11.5.1
release/2.11.5.2
release/2.11.5.3
release/2.11.5.5
release/2.11.6
release/2.11.7
release/2.11.8
release/2.11.9
release/2.2.3
release/2.2.4
release/2.2.5
release/2.2.6
release/2.2.7
release/2.2.8
release/2.2.9
release/2.3.0
release/2.3.1
release/2.3.2
release/2.9.0.0
release/2.9.0.1
release/2.9.0.3RC1
release/2.9.0.3RC2
release/2.9.0.3RC3
release/2.9.0.3RC4
release/2.9.0.3RC5
release/2.9.0.3RC7
release/2.9.0.3RC9
release/2.9.0.8
release/2.9.0.9
release/2.9.1.0
release/2.9.1.2
release/2.9.2.2
release/2.9.2.3