{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T23:09:57.010","vulnerabilities":[{"cve":{"id":"CVE-2024-6759","sourceIdentifier":"secteam@freebsd.org","published":"2024-08-12T13:38:40.380","lastModified":"2024-11-21T09:50:15.657","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, \"/\".  This allows readdir(3) and related functions to return filesystem entries with names containing additional path components.\n\nThe lack of validation described above gives rise to a confused deputy problem.  For example, a program copying files from an NFS mount could be tricked into copying from outside the intended source directory, and/or to a location outside the intended destination directory."},{"lang":"es","value":"Al montar un sistema de archivos remoto usando NFS, el kernel no desinfectó los nombres de archivos proporcionados de forma remota para el carácter separador de ruta, \"/\". Esto permite que readdir(3) y funciones relacionadas devuelvan entradas del sistema de archivos con nombres que contienen componentes de ruta adicionales. La falta de validación descrita anteriormente da lugar a un confuso problema de diputados. Por ejemplo, se podría engañar a un programa que copia archivos desde un montaje NFS para que los copie desde fuera del directorio de origen previsto y/o a una ubicación fuera del directorio de destino previsto."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*","versionEndExcluding":"13.0","matchCriteriaId":"18A4E85D-70A5-4382-AAB7-4A531615613D"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*","versionStartIncluding":"13.1","versionEndExcluding":"13.3","matchCriteriaId":"FEC367A5-24D1-414E-BC77-07968E787D01"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.3:p1:*:*:*:*:*:*","matchCriteriaId":"ABEA48EC-24EA-4106-9465-CE66B938635F"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.3:p2:*:*:*:*:*:*","matchCriteriaId":"8DFB5BD0-E777-4CAA-B2E0-3F3357D06D01"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.3:p3:*:*:*:*:*:*","matchCriteriaId":"BC8C769C-A23E-4F61-AC42-4DA64421B096"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.3:p4:*:*:*:*:*:*","matchCriteriaId":"45B0589E-2E7D-4516-A8A0-88F30038EAB0"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:*","matchCriteriaId":"DB7B021E-F4AD-44AC-96AB-8ACAF8AB1B88"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:*","matchCriteriaId":"69A72B5A-2189-4700-8E8B-1E5E7CA86C40"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.0:p2:*:*:*:*:*:*","matchCriteriaId":"5771F187-281B-4680-B562-EFC7441A8F88"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.0:p3:*:*:*:*:*:*","matchCriteriaId":"0A4437F5-9DDA-4769-974E-23BFA085E0DB"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.0:p4:*:*:*:*:*:*","matchCriteriaId":"A9C3A3D4-C9F4-41EB-B532-821AF83470B1"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.0:p5:*:*:*:*:*:*","matchCriteriaId":"878A1F0A-087F-47D7-9CA5-A54BB8D6676A"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.0:p6:*:*:*:*:*:*","matchCriteriaId":"CE73CDC3-B5A7-4921-89C6-8F9DC426CB3E"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.0:p7:*:*:*:*:*:*","matchCriteriaId":"50A5E650-31FB-45BE-8827-641B58A83E45"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.0:p8:*:*:*:*:*:*","matchCriteriaId":"D59CFDD3-AEC3-43F1-A620-0B1F0BAD9048"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:*","matchCriteriaId":"038E5B85-7F60-4D71-8D3F-EDBF6E036CE0"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:*","matchCriteriaId":"BF309824-D379-4749-A1FA-BCB2987DD671"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.1:p1:*:*:*:*:*:*","matchCriteriaId":"AA813990-8C8F-4EE8-9F2B-9F73C510A7B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.1:p2:*:*:*:*:*:*","matchCriteriaId":"D4DFA201-27D5-4C01-B90F-E24778943C3B"}]}]}],"references":[{"url":"https://security.freebsd.org/advisories/FreeBSD-SA-24:07.nfsclient.asc","source":"secteam@freebsd.org","tags":["Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20240816-0009/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}