CVE-2024-49381 HIGH

CVE-2024-49381: Plenti arbitrary file deletion vulnerability

Vendor Plentico
Product plenti
Weakness CWE-74
Published October 25, 2024
Last update October 25, 2024

CVSS base score

7.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01 Description

Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to arbitrary file deletion when a Plenti user serves their website. This issue may lead to information loss. Version 0.7.2 fixes the vulnerability.

Key dates

02 Disclosure timeline

October 25, 2024 CVE published
October 25, 2024 Record updated