S3 Browser
CVE-2024-37865
MEDIUM
Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in v.11.5.7 allows a remote attacker to obtain sensitive information via the S3 compatible storage component.
AnalysisAI
An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in v.11.5.7 allows a remote attacker to obtain sensitive information via the S3 compatible storage component. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-295. An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in v.11.5.7 allows a remote attacker to obtain sensitive information via the S3 compatible storage component. Affected products include: S3Browser S3 Browser.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in S3 Browser
View allSame weakness CWE-295 – Improper Certificate Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today