How severe is CVE-2024-8501?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-8501?

This is classified as CWE-36, which is a common weakness in software security.

CVE-2024-8501 - HIGH Severity | CVSS 7.5

Vulnerability Description

An arbitrary file download vulnerability exists in the rpc_agent_client component of modelscope/agentscope version v0.0.4. This vulnerability allows any user to download any file from the rpc_agent's host by exploiting the download_file method. This can lead to unauthorized access to sensitive information, including configuration files, credentials, and potentially system files, which may facilitate further exploitation such as privilege escalation or lateral movement within the network.

Related Vulnerabilities

CVE-2021-1296

HIGH

CVSS:7.5(High)

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct d...

CWE-362021

CVE-2021-1297

HIGH

CVSS:7.5(High)

CWE-362021

CVE-2023-2765

HIGH

CVSS:7.5(High)

A vulnerability has been found in Weaver OA up to 9.5 and classified as problematic. This vulnerability affects unknown code of the file /E-mobile/App/System/File/downfile.php. The manipulation of the...

CWE-362023

CVE-2023-4172

HIGH

CVSS:7.5(High)

A vulnerability, which was classified as problematic, has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This issue affects some unknown processing of the file \Service\...

CWE-362023

CVE-2024-11978

HIGH

CVSS:7.5(High)

DreamMaker from Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.

CWE-362024

CVE-2024-13159

HIGH

CVSS:7.5(High)

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

CWE-362024