{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T17:03:42.683","vulnerabilities":[{"cve":{"id":"CVE-2024-25123","sourceIdentifier":"security-advisories@github.com","published":"2024-02-15T22:15:48.060","lastModified":"2025-01-09T14:30:38.743","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MSS (Mission Support System) is an open source package designed for planning atmospheric research flights. In file: `index.py`, there is a method that is vulnerable to path manipulation attack. By modifying file paths, an attacker can acquire sensitive information from different resources. The `filename` variable is joined with other variables to form a file path in `_file`. However, `filename` is a route parameter that can capture path type values i.e. values including slashes (\\). So it is possible for an attacker to manipulate the file being read by assigning a value containing ../ to `filename` and so the attacker may be able to gain access to other files on the host filesystem. This issue has been addressed in MSS version 8.3.3. Users are advised to upgrade. There are no known workarounds for this vulnerability."},{"lang":"es","value":"MSS (Mission Support System) es un paquete de código abierto diseñado para planificar vuelos de investigación atmosférica. En el archivo: `index.py`, hay un método que es vulnerable a un ataque de manipulación de ruta. Al modificar las rutas de los archivos, un atacante puede adquirir información confidencial de diferentes recursos. La variable `filename` se une con otras variables para formar una ruta de archivo en `_file`. Sin embargo, \"filename\" es un parámetro de ruta que puede capturar valores de tipo de ruta, es decir, valores que incluyen barras (\\). Por lo tanto, es posible que un atacante manipule el archivo que se está leyendo asignando un valor que contenga ../ a \"nombre de archivo\" y, por lo tanto, el atacante puede obtener acceso a otros archivos en el sistema de archivos del host. Este problema se solucionó en la versión 8.3.3 de MSS. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:open-mss:mission_support_system:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"8.3.3","matchCriteriaId":"2B7F0B0B-30B1-417F-921B-224994383294"}]}]}],"references":[{"url":"https://github.com/Open-MSS/MSS/commit/f23033729ee930b97f8bdbd07df0174311c9b658","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/Open-MSS/MSS/security/advisories/GHSA-pf2h-qjcr-qvq2","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/Open-MSS/MSS/commit/f23033729ee930b97f8bdbd07df0174311c9b658","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/Open-MSS/MSS/security/advisories/GHSA-pf2h-qjcr-qvq2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}