diff --git a/_cases/2024/DIVD-2024-00031.md b/_cases/2024/DIVD-2024-00031.md
index 4ee30888..47ef95e6 100644
--- a/_cases/2024/DIVD-2024-00031.md
+++ b/_cases/2024/DIVD-2024-00031.md
@@ -3,7 +3,7 @@ layout: case
 title: "Unauthenticated Local File Inclusion vulnerability in ComfortKey"
 author: Victor Pasman
 lead: Alwin Warringa
-excerpt: "A Local File Inclusion vulnerability has been found in ComfortKey, a product of Celsius Benelux. Using this vulnerability, an unauthenticated attacker may retrieve sensitive information about the underlying system."
+excerpt: "An Unautheticated Local File Inclusion vulnerability has been found in ComfortKey, a product of Celsius Benelux. Using this vulnerability, an unauthenticated attacker may retrieve sensitive information about the underlying system."
 researchers:
 - Alwin Warringa
 cves:
@@ -11,7 +11,7 @@ cves:
 product:
 - ComfortKey
 versions:
-- ComfortKey below version 24.1.2.
+- < 24.1.2.
 recommendation: "Check for the patched versions and get those installed"
 workaround: "N/A"
 patch_status: Released
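Review bot: The new `excerpt:` value in the first hunk misspells the vulnerability class as `Unautheticated`; the `title:` line above it and the Summary sentence changed later in this commit both spell it `Unauthenticated`. The excerpt should read `An Unauthenticated Local File Inclusion vulnerability has been found in ComfortKey, ...` so that the front matter and the body agree. The excerpt is presumably what listings and feeds show for the case, so the misspelling would also make the advisory harder to find by searching for the vulnerability class.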
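Review bot: The new `versions:` entry `- < 24.1.2.` in the second hunk keeps the sentence-ending period from the old wording, so the upper bound now reads as the version string `24.1.2.` rather than `24.1.2`. I would write it as `- "< 24.1.2"`: dropping the period removes the ambiguity for anyone comparing versions, and quoting keeps the leading `<` a plain string for every YAML consumer. The entry also no longer names the product, which stays unambiguous only while `product:` lists a single item.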
@@ -32,17 +32,19 @@ timeline: end: event: "First version of this casefile." # ips: 0 - +# The lines below redirect all the CVE references to our site +# Uncommend these lines if we are the CNA of record. (ask @cna_admins on Slack if you don't know) +jekyll-secinfo: + cve: + url: /cves/CVE- --- ## Summary -A Local File Inclusion vulnerability has been found in ComfortKey, a product of Celsius Benelux. Using this vulnerability, an unauthenticated attacker may retrieve sensitive information about the underlying system. +An Unauthenticated Local File Inclusion vulnerability has been found in ComfortKey, a product of Celsius Benelux. Using this vulnerability, an unauthenticated attacker may retrieve sensitive information about the underlying system. ## Recommendations Comfort Key released patched version 24.1.2. Please update to this version number or higher if possible. -## Mitigation -N/A ## What we are doing DIVD is currently working to identify parties that are running a vulnerable version of Geoserver and to notify these parties. We do this by verifying the presence of the vulnerability in a harmless manner and collect the software version number if possible. diff --git a/_data/cves/2024/CVE-2024-27120.json b/_data/cves/2024/CVE-2024-27120.json index 8adb9e67..3d4c780e 100644 --- a/_data/cves/2024/CVE-2024-27120.json +++ b/_data/cves/2024/CVE-2024-27120.json @@ -44,7 +44,8 @@ "versions": [ { "status": "affected", - "version": "before 24.1.2" + "version": "*", + "lessThan": "24.1.2" } ], "defaultStatus": "unaffected"
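Review bot: The `jekyll-secinfo:` block in the `@@ -32,17 +32,19 @@` hunk is added active, while the comment directly above it says to uncomment the lines only if DIVD is the CNA of record, so the comment no longer describes the state of the file. If DIVD is the CNA for this CVE (the CVE JSON edited in the same commit suggests so), replace the template text with something like `# DIVD is the CNA of record: CVE references are redirected to /cves/ on this site`; otherwise the three lines should be commented out. The comment also has a typo, `Uncommend` for `Uncomment`. Separately, the unchanged paragraph under "What we are doing" still says `vulnerable version of Geoserver` in a ComfortKey case, which looks like template residue and misstates which product is being scanned for and notified about.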
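Review bot: The affected-version object in `CVE-2024-27120.json` now carries `lessThan` but no `versionType`, and it starts the range at `"*"`. As far as I know, the CVE record format requires `versionType` whenever `lessThan` or `lessThanOrEqual` is present and by convention uses `"0"` for "from the earliest version", with `*` reserved for an unbounded upper end. Validators may therefore reject the record, and tools that evaluate the range may fail to match any installed version, so affected ComfortKey deployments could go unflagged. I would write the entry as `"version": "0", "lessThan": "24.1.2", "versionType": "custom"`, or `semver` if ComfortKey versions follow that scheme.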