MidnightBSD

Advisories for matrix-globalservices

CVE-2024-38429

Matrix Tafnit v8 -  CWE-552: Files or Directories Accessible to External Parties

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@cyber.gov.il 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
matrix-globalservices tafnit *
CVE-2024-38430

Matrix - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@cyber.gov.il 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
matrix-globalservices tafnit *
CVE-2024-38431

Matrix Tafnit v8 - CWE-204: Observable Response Discrepancy

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@cyber.gov.il 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
matrix-globalservices tafnit *
CVE-2024-38432

Matrix Tafnit v8 - CWE-646: Reliance on File Name or Extension of Externally-Supplied File

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@cyber.gov.il 5.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L 1.3 3.7

Products Affected

Vendor Product Version
matrix-globalservices tafnit *