Incomplete Model of Endpoint Features

CVE-2024-57176

High

7.6/10

Summary

An issue in the shiroFilter function of White-Jotter project v0.2.2 allows attackers to execute a directory traversal and access sensitive endpoints via a crafted URL.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: LOW

CWE-437 - Incomplete Model of Endpoint Features

A product acts as an intermediary or monitor between two or more endpoints, but it does not have a complete model of an endpoint's features, behaviors, or state, potentially causing the product to perform incorrect actions based on this incomplete model.

References

Advisory Timeline

Published Feb 21, 2025

Incomplete Model of Endpoint Features

CVE-2024-57176

Summary

CWE-437 - Incomplete Model of Endpoint Features

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS