Dvc
CVE-2024-11308
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content.
AnalysisAI
The DVC from TRCore encrypts files using a hardcoded key. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-321. The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content. Affected products include: Trcore Dvc.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. Rated critical
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. Rated critical
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. Rated critical
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. Rated critical
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. Rated critical
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulner
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulner
Same weakness CWE-321 – Use of Hard-coded Cryptographic Key
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today