x/vulndb: potential Go vuln in github.com/projectdiscovery/interactsh: CVE-2024-5262

[tatianab]

CVE-2024-5262 references github.com/projectdiscovery/interactsh, which may be a Go module.

Description:
Files or Directories Accessible to External Parties vulnerability in smb server in ProjectDiscovery Interactsh allows remote attackers to read/write any files in the directory and subdirectories of where the victim runs interactsh-server via anonymous login.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2024-5262
• JSON: https://github.com/CVEProject/cvelist/tree/e076e9c24f3ede5a41143e706602e9c41139fd45/2024/5xxx/CVE-2024-5262.json
• advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-5262
• fix: Better scoping of smb share projectdiscovery/interactsh#874
• web: https://zuso.ai/advisory/za-2024-01
• Imported by: https://pkg.go.dev/github.com/projectdiscovery/interactsh?tab=importedby

Cross references:

• Module github.com/projectdiscovery/interactsh appears in issue x/vulndb: potential Go vuln in github.com/projectdiscovery/interactsh: GHSA-m36x-mgfh-8g78 #372 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/projectdiscovery/interactsh
      vulnerable_at: 1.2.0
      packages:
        - package: Interactsh
summary: CVE-2024-5262 in github.com/projectdiscovery/interactsh
cves:
    - CVE-2024-5262
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-5262
    - fix: https://github.com/projectdiscovery/interactsh/pull/874
    - web: https://zuso.ai/advisory/za-2024-01
source:
    id: CVE-2024-5262
    created: 2024-06-07T17:18:08.652835-04:00
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/592456 mentions this issue: data/reports: add 19 unreviewed reports

[gopherbot]

Change https://go.dev/cl/592457 mentions this issue: data/reports: add 16 unreviewed reports