Home > Vulnerability Database > CVE-2024-31144

Mend.io Vulnerability Database

CVE-2024-31144

Date: February 14, 2025

An issue was discovered in Xapi, where metadata injection attack could be performed against backup/restore functionality. A malicious guest can manipulate its disk to appear to be a metadata backup. To leverage the vulnerability, an attacker would likely need insider information to construct a plausible-looking metadata backup, and would have to persuade a real administrator to perform a data-recovery action. Systems running Xapi v1.249.x are affected.

Language: Python

Severity Score

3.8

Related Resources (7)

Url: http://xenbits.xen.org/xsa/advisory-459.html

Url: https://seclists.org/oss-sec/2024/q3/att-74/xsa459-xsconsole.patch

Url: https://xenbits.xen.org/xsa/advisory-459.html

Url: http://www.openwall.com/lists/oss-security/2024/07/16/4

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-31144

Url: https://github.com/xapi-project/xsconsole/commit/54d9b4f4e78c04922d35e60c996b35906a2cadc5

Url: https://www.mend.io/vulnerability-database/CVE-2024-31144

Severity Score

3.8

CVSS v3.1

Base Score:	3.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-31144

Date: February 14, 2025

Language: Python

Severity Score

Related Resources (7)

Severity Score

CVSS v3.1

Do you need more information?