CVE-2024-13524

A vulnerability has been found in obsproject OBS Studio up to 30.0.2 on Windows and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to untrusted search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. It is recommended to apply a patch to fix this issue. The vendor disagrees that this issue is "something worth reporting, as every attack surface requires privileged access/user compromise".

CVSS v3 4.5 MEDIUM
CVSS v2.0 3.5 LOW

4.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.0 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

3.5^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:H/Au:S/C:P/I:P/A:P

Exploitability : 1.5 / Impact : 6.4

Access Vector LOCAL

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/obsproject/obs-studio/pull/11569
https://vuldb.com/?ctiid.292495
https://vuldb.com/?id.292495
https://vuldb.com/?submit.480875

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Se ha encontrado una vulnerabilidad en obsproject OBS Studio hasta la versión 30.0.2 en Windows y se ha clasificado como problemática. Esta vulnerabilidad afecta a una funcionalidad desconocida. La manipulación conduce a una ruta de búsqueda no confiable. El ataque debe abordarse localmente. La complejidad de un ataque es bastante alta. La explotación parece ser difícil. Se recomienda aplicar un parche para solucionar este problema. El proveedor no está de acuerdo con que este problema sea "algo que valga la pena informar, ya que cada superficie de ataque requiere acceso privilegiado/compromiso del usuario".

20 Jan 2025, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-20 03:15

Updated : 2026-04-15 00:35

NVD link : CVE-2024-13524

Mitre link : CVE-2024-13524

CVE.ORG link : CVE-2024-13524

JSON object : View

Products Affected

No product.

CWE

CWE-426

Untrusted Search Path

{"id": "CVE-2024-13524", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 1.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.0}], "cvssMetricV40": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.0, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-01-20T03:15:08.033", "references": [{"url": "https://github.com/obsproject/obs-studio/pull/11569", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.292495", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.292495", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.480875", "source": "cna@vuldb.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-426"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in obsproject OBS Studio up to 30.0.2 on Windows and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to untrusted search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. It is recommended to apply a patch to fix this issue. The vendor disagrees that this issue is \"something worth reporting, as every attack surface requires privileged access/user compromise\"."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en obsproject OBS Studio hasta la versi\u00f3n 30.0.2 en Windows y se ha clasificado como problem\u00e1tica. Esta vulnerabilidad afecta a una funcionalidad desconocida. La manipulaci\u00f3n conduce a una ruta de b\u00fasqueda no confiable. El ataque debe abordarse localmente. La complejidad de un ataque es bastante alta. La explotaci\u00f3n parece ser dif\u00edcil. Se recomienda aplicar un parche para solucionar este problema. El proveedor no est\u00e1 de acuerdo con que este problema sea \"algo que valga la pena informar, ya que cada superficie de ataque requiere acceso privilegiado/compromiso del usuario\"."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "cna@vuldb.com"}