Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-e6sz-v9na-audd
Summary
Logsign Unified SecOps Platform delete_gsuite_key_file Input Validation Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files within sensitive directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability.

The specific flaw exists within the delete_gsuite_key_file endpoint. The issue results from the lack of proper validation of a user-supplied filename prior to using it in file operations. An attacker can leverage this vulnerability to delete critical files on the system. Was ZDI-CAN-25265.
Aliases
0
alias CVE-2024-9257
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-9257
reference_id
reference_type
scores
0
value 0.00062
scoring_system epss
scoring_elements 0.19599
published_at 2026-06-11T12:55:00Z
1
value 0.00062
scoring_system epss
scoring_elements 0.19773
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-9257
1
reference_url https://support.logsign.net/hc/en-us/articles/21062889743762-30-08-2024-Version-6-4-26-Release-Notes
reference_id 21062889743762-30-08-2024-Version-6-4-26-Release-Notes
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-23T01:19:41Z/
url https://support.logsign.net/hc/en-us/articles/21062889743762-30-08-2024-Version-6-4-26-Release-Notes
2
reference_url https://www.zerodayinitiative.com/advisories/ZDI-24-1295/
reference_id ZDI-24-1295
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-23T01:19:41Z/
url https://www.zerodayinitiative.com/advisories/ZDI-24-1295/
Weaknesses
0
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Exploits
Severity_range_score4.3 - 4.3
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-e6sz-v9na-audd