{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "cveId": "CVE-2024-3318",
        "assignerOrgId": "2cfc7547-56a0-4049-8b52-c3078e8a8719",
        "state": "PUBLISHED",
        "assignerShortName": "SailPoint",
        "dateReserved": "2024-04-04T16:14:52.704Z",
        "datePublished": "2024-05-15T15:49:36.094Z",
        "dateUpdated": "2024-08-01T20:05:08.329Z"
    },
    "containers": {
        "cna": {
            "affected": [
                {
                    "defaultStatus": "unaffected",
                    "product": "Identity Security Cloud",
                    "vendor": "SailPoint",
                    "versions": [
                        {
                            "status": "affected",
                            "version": "n/a"
                        }
                    ]
                }
            ],
            "descriptions": [
                {
                    "lang": "en",
                    "supportingMedia": [
                        {
                            "base64": false,
                            "type": "text/html",
                            "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A file path traversal vulnerability was identified in the </span><em>DelimitedFileConnector </em><span style=\"background-color: rgb(255, 255, 255);\">Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the “file“ attribute, </span><span style=\"background-color: rgb(255, 255, 255);\">which in turn allowed the user to access files uploaded for other sources.</span>\n\n"
                        }
                    ],
                    "value": "A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the “file“ attribute, which in turn allowed the user to access files uploaded for other sources."
                }
            ],
            "impacts": [
                {
                    "capecId": "CAPEC-126",
                    "descriptions": [
                        {
                            "lang": "en",
                            "value": "CAPEC-126 Path Traversal"
                        }
                    ]
                }
            ],
            "metrics": [
                {
                    "cvssV3_1": {
                        "attackComplexity": "HIGH",
                        "attackVector": "NETWORK",
                        "availabilityImpact": "NONE",
                        "baseScore": 4.2,
                        "baseSeverity": "MEDIUM",
                        "confidentialityImpact": "HIGH",
                        "integrityImpact": "NONE",
                        "privilegesRequired": "HIGH",
                        "scope": "UNCHANGED",
                        "userInteraction": "REQUIRED",
                        "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
                        "version": "3.1"
                    },
                    "format": "CVSS",
                    "scenarios": [
                        {
                            "lang": "en",
                            "value": "GENERAL"
                        }
                    ]
                }
            ],
            "problemTypes": [
                {
                    "descriptions": [
                        {
                            "cweId": "CWE-22",
                            "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
                            "lang": "en",
                            "type": "CWE"
                        }
                    ]
                }
            ],
            "providerMetadata": {
                "orgId": "2cfc7547-56a0-4049-8b52-c3078e8a8719",
                "shortName": "SailPoint",
                "dateUpdated": "2024-05-15T15:49:36.094Z"
            },
            "references": [
                {
                    "url": "https://www.sailpoint.com/security-advisories/"
                }
            ],
            "solutions": [
                {
                    "lang": "en",
                    "supportingMedia": [
                        {
                            "base64": false,
                            "type": "text/html",
                            "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">This issue has been resolved. No further action is needed.</span>\n\n<br>"
                        }
                    ],
                    "value": "This issue has been resolved. No further action is needed."
                }
            ],
            "source": {
                "discovery": "UNKNOWN"
            },
            "title": "SailPoint Identity Security Cloud Connector File Path Traversal Vulnerability",
            "x_generator": {
                "engine": "Vulnogram 0.2.0"
            }
        },
        "adp": [
            {
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "timestamp": "2024-07-19T16:30:56.909490Z",
                                "id": "CVE-2024-3318",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "no"
                                    },
                                    {
                                        "Technical Impact": "partial"
                                    }
                                ],
                                "role": "CISA Coordinator",
                                "version": "2.0.3"
                            }
                        }
                    }
                ],
                "title": "CISA ADP Vulnrichment",
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-07-19T21:15:09.608Z"
                }
            },
            {
                "providerMetadata": {
                    "orgId": "af854a3a-2127-422b-91ae-364da2661108",
                    "shortName": "CVE",
                    "dateUpdated": "2024-08-01T20:05:08.329Z"
                },
                "title": "CVE Program Container",
                "references": [
                    {
                        "url": "https://www.sailpoint.com/security-advisories/",
                        "tags": [
                            "x_transferred"
                        ]
                    }
                ]
            }
        ]
    }
}