Centrify PAS v. 21.3 and possibly others
Impact: This vulnerability may allow an attacker to obtain sensitive information from filenames and may help in exploiting an arbitrary file reading vulnerability.
Access Vector: The vulnerability can be exploited by any authorized user with network access.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
5.0
CVE-2024-5866
The application is prone to a path traversal vulnerability that allows listing arbitrary directories outside the root directory of the web application.
Apply the patch from the vendor. Versions 23.1-HF7 and later include the patch.
The vulnerability was discovered by Vladas Bulavas from Kaspersky.
https://github.com/klsecservices/Advisories/blob/master/K-Delinea-2023-002.md