How severe is CVE-2024-8550?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-8550?

This is classified as CWE-497, which is a common weakness in software security.

CVE-2024-8550 - HIGH Severity | CVSS 7.5

Vulnerability Description

A Local File Inclusion (LFI) vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipulating the filename parameter. The issue arises due to improper sanitization of user input passed to the os.path.join function, which can be exploited to access files outside the intended directory.

Related Vulnerabilities

CVE-2024-22124

HIGH

CVSS:7.5(High)

Under certain conditions, Internet Communication Manager (ICM) or SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22, K...

CWE-4972024

CVE-2024-22125

HIGH

CVSS:7.5(High)

Under certain conditions the Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) - version 1.0, allows an attacker to access highly sensitive information which would otherwise be r...

CWE-4972024

CVE-2024-31887

HIGH

CVSS:7.5(High)

IBM Security Verify Privilege 11.6.25 could allow an unauthenticated actor to obtain sensitive information from the SOAP API. IBM X-Force ID: 287651.

CWE-4972024

CVE-2024-36070

HIGH

CVSS:7.5(High)

tine before 2023.11.8, when an LDAP backend is used, allows anonymous remote attackers to obtain sensitive authentication information via setup.php because of getRegistryData in Setup/Frontend/Json.ph...

CWE-4972024

CVE-2024-48024

HIGH

CVSS:7.5(High)

: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Fahad Mahmood Keep Backup Daily allows Retrieve Embedded Sensitive Data.This issue affects Keep Backup Dai...

CWE-4972024

CVE-2024-50528

HIGH

CVSS:7.5(High)

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stacks Stacks Mobile App Builder allows Retrieve Embedded Sensitive Data.This issue affects Stacks Mobile Ap...

CWE-4972024