CVE-2024-32959

HIGH EXPLOITED

Sirv <= 7.2.2 - Incorrect Privilege Assignment via Arbitrary Option Update

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2024-32959 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

Incorrect Privilege Assignment vulnerability in Sirv CDN and Image Hosting Sirv sirv.This issue affects Sirv: from n/a through <= 7.2.2.

References (2)

Core 2

Scores

CVSS v3 8.8
EPSS 0.0043
EPSS Percentile 34.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

VulnCheck KEV 2024-04-23
CWE
CWE-266
Status published
Products (2)
sirv/sirv < 7.2.3
Sirv CDN and Image Hosting/Sirv < 7.2.2
Published May 17, 2024
Tracked Since Feb 18, 2026