CVE-2024-6789: 
M-Files Server vulnerability analysis and mitigation

A path traversal vulnerability (CVE-2024-6789) was discovered in the API endpoint of M-Files Server. The vulnerability affects versions before 24.8.13981.0, LTS 24.2.13421.15 SR2, and LTS 23.8.12892.0 SR6. This security issue was disclosed on August 27, 2024, and allows authenticated users to read files through path traversal (M-Files Advisory).

The vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and has received a CVSS 4.0 Base Score of 8.4 (HIGH) with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N/RE:M/U:Green. Under CVSS 3.1, it scores 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (NVD).

The vulnerability enables authenticated users to read files through path traversal, potentially exposing sensitive information stored on the affected M-Files Server installations (M-Files Advisory).

Users should upgrade to M-Files Server version 24.8.13981.0 or later, LTS 24.2.13421.15 SR2 or later, or LTS 23.8.12892.0 SR6 or later to address this vulnerability (M-Files Advisory).