This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/download/updateFile endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the current user.
Metrics
Affected Vendors & Products
References
History
Mon, 30 Sep 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: LGE
Published: 2023-09-04T10:39:30.389Z
Updated: 2024-09-30T18:49:27.510Z
Reserved: 2023-08-30T08:06:53.638Z
Link: CVE-2023-4615
Vulnrichment
Updated: 2024-08-02T07:31:06.632Z
NVD
Status : Modified
Published: 2023-09-04T11:15:41.657
Modified: 2024-11-21T08:35:33.010
Link: CVE-2023-4615
Redhat
No data.