SailPoint Identity Security Cloud Connector File Path Traversal Vulnerability – CVE-2024-3318

Description

A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the “file“ attribute, which in turn allowed the user to access files uploaded for other sources.

Affected product and versions

Identity Security Cloud

Resolution

This issue has been resolved. No further action is needed.

CVE details

CVE ID: CVE-2024-3318

Published Date: 05/15/2024

Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CWE: CWE-22

CVSS v3 Score: 4.2 (Medium)

CVSS v3 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N