Affected of this project EpicGames/BlenderTools are vulnerable to Access Control Bypass via the server.fs.deny option. An attacker can gain access to sensitive files by requesting raw filesystem paths using case-augmented versions of filenames. This is only exploitable if the server is hosted on a case-insensitive filesystem, including those used by Windows. This bypass is similar to CVE-2023-34092 with surface area reduced to hosts having case-insensitive filesystems.
Affected of this project
EpicGames/BlenderToolsare vulnerable to Access Control Bypass via the server.fs.deny option. An attacker can gain access to sensitive files by requesting raw filesystem paths using case-augmented versions of filenames. This is only exploitable if the server is hosted on a case-insensitive filesystem, including those used by Windows. This bypass is similar to CVE-2023-34092 with surface area reduced to hosts having case-insensitive filesystems.