CVE-2024-9301 - Vulnerability Details - OpenCVE

A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Netflix	E2nest

Configuration 1 [-]

cpe:2.3:a:netflix:e2nest:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2024-004.md

History

Mon, 14 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00138}`	epss `{'score': 0.0015}`

Mon, 07 Oct 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

Fri, 27 Sep 2024 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Netflix Netflix e2nest
CPEs		cpe:2.3:a:netflix:e2nest::::::::
Vendors & Products		Netflix Netflix e2nest
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 27 Sep 2024 18:00:00 +0000

Type	Values Removed	Values Added
Description		A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a
Weaknesses		CWE-22
References		https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2024-004.md
Metrics		cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: netflix

Published: 2024-09-27T17:41:49.445Z

Updated: 2024-09-27T18:59:31.078Z

Reserved: 2024-09-27T17:13:09.452Z

Link: CVE-2024-9301

Vulnrichment

Updated: 2024-09-27T18:59:23.515Z

NVD

Status : Analyzed

Published: 2024-09-27T18:15:06.163

Modified: 2024-10-07T13:12:48.953

Link: CVE-2024-9301

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9301", "assignerOrgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2", "state": "PUBLISHED", "assignerShortName": "netflix", "dateReserved": "2024-09-27T17:13:09.452Z", "datePublished": "2024-09-27T17:41:49.445Z", "dateUpdated": "2024-09-27T18:59:31.078Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "E2Nest", "repo": "https://github.com/Netflix/e2nest", "vendor": "Netflix", "versions": [{"lessThan": "8a41948e553c89c56b14410c6ed395e9cfb9250a", "status": "affected", "version": "0", "versionType": "git"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a</span>"}], "value": "A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a"}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2", "shortName": "netflix", "dateUpdated": "2024-09-27T17:41:49.445Z"}, "references": [{"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2024-004.md"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "netflix", "product": "e2nest", "cpes": ["cpe:2.3:a:netflix:e2nest:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "8a41948e553c89c56b14410c6ed395e9cfb9250a", "versionType": "git"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-27T18:57:50.355035Z", "id": "CVE-2024-9301", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-27T18:59:31.078Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-9301", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-27T18:57:50.355035Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:netflix:e2nest:*:*:*:*:*:*:*:*"], "vendor": "netflix", "product": "e2nest", "versions": [{"status": "affected", "version": "0", "lessThan": "8a41948e553c89c56b14410c6ed395e9cfb9250a", "versionType": "git"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-27T18:59:23.515Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/Netflix/e2nest", "vendor": "Netflix", "product": "E2Nest", "versions": [{"status": "affected", "version": "0", "lessThan": "8a41948e553c89c56b14410c6ed395e9cfb9250a", "versionType": "git"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2024-004.md"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2", "shortName": "netflix", "dateUpdated": "2024-09-27T17:41:49.445Z"}}}, "cveMetadata": {"cveId": "CVE-2024-9301", "state": "PUBLISHED", "dateUpdated": "2024-09-27T18:59:31.078Z", "dateReserved": "2024-09-27T17:13:09.452Z", "assignerOrgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2", "datePublished": "2024-09-27T17:41:49.445Z", "assignerShortName": "netflix"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netflix:e2nest:*:*:*:*:*:*:*:*", "matchCriteriaId": "29CDBBE8-9B23-43D7-BCF9-73F128C6878F", "versionEndExcluding": "2024-09-05", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a"}, {"lang": "es", "value": "Un problema de Path Traversal en E2Nest antes de el commit 8a41948e553c89c56b14410c6ed395e9cfb9250a"}], "id": "CVE-2024-9301", "lastModified": "2024-10-07T13:12:48.953", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "NONE"}, "source": "security-report@netflix.com", "type": "Secondary"}]}, "published": "2024-09-27T18:15:06.163", "references": [{"source": "security-report@netflix.com", "tags": ["Vendor Advisory"], "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2024-004.md"}], "sourceIdentifier": "security-report@netflix.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-report@netflix.com", "type": "Secondary"}]}