Improper limitation of a pathname to a restricted directory ('path traversal') in OneDrive for Android allows an authorized attacker to elevate privileges over a network.
What privileges could an attacker gain with successful exploitation? An attacker who successfully exploited this vulnerability could gain unauthorized access to system resources, potentially allowing them to perform actions with the same privileges as the compromised process. This could lead to further system compromise and unauthorized actions within the network. According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and integrity (I:H), but could lead to no loss of availability (A:N). What does that mean for this vulnerability? Exploiting this vulnerability could allow an attacker to disclose files and modify data, but the attacker cannot impact the Availability of the system.
<a href="https://www.linkedin.com/in/thongvv3">Vo Van Thong</a> with <a href="https://vnggames.com/">VNGGames</a>