CVE-2024-38462

CRITICAL

iRODS < 4.3.2 - Untrusted Search Path via msiSendMail Function

Title source: llm

iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106 reference.

Core 4

Core References

Product

Issue Tracking

Issue Tracking, Patch

Release Notes

CVSS v3 9.8

EPSS 0.0061

EPSS Percentile 44.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

CWE

CWE-426

Status published

Products (1)

irods/irods < 4.3.2

Published Jun 16, 2024

Tracked Since Feb 18, 2026