Libpve Common Perl (Promox Mail Gateway 8)

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:proxmox:libpve-common-perl_(promox_mail_gateway_8):*:*:*:*:*:*:*:*

part: a version: * update: *

VendorProxmox (d3ea5405-be81-5453-b02d-0e12d2762911)
ProductLibpve Common Perl (Promox Mail Gateway 8) (3a8f0623-9a74-5f9e-b729-5ebb1595bcc0)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-21545 vulnerable 2026-06-08 06:27:35.529477 Details available
HIGH (8.2)
Proxmox Virtual Environment is an open-source server management platform for enterprise virtualization. Insufficient safeguards against malicious API response values allow authenticated attackers with 'Sys.Audit' or 'VM.Monitor' privileges to download arbitrary host files via the API. When handling the result from a request handler before returning it to the user, the handle_api2_request function will check for the ‘download’ or ‘data’->’download’ objects inside the request handler call response object. If present, handle_api2_request will read a local file defined by this object and return it to the user. Two endpoints were identified which can control the object returned by a request handler sufficiently that the ’download’ object is defined and user controlled. This results in arbitrary file read. The privileges of this file read can result in full compromise of the system by various impacts such as disclosing sensitive files allowing for privileged session forgery.
Published: 2024-09-24T07:25:12.184Z
Updated: 2024-09-24T14:57:45.924Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.