{"data":{"id":"b12b0ae0-7919-4f01-83e5-85391e3394dd","title":"CVE-2024-9333: Permissions bypass in M-Files Connector for Copilot before version 24.9.3 allows authenticated user to access limited am","summary":"CVE-2024-9333 is a permissions bypass vulnerability in M-Files Connector for Copilot (a tool that integrates M-Files document management with AI assistants) that allows authenticated users (people who have already logged in) to access documents they shouldn't be able to see due to incorrect access control list calculations. The vulnerability has a CVSS score of 5.3 (a 0-10 rating of how severe a vulnerability is), which is rated as medium severity.","solution":"Update M-Files Connector for Copilot to version 24.9.3 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-9333","publishedAt":"2024-10-02T06:15:11.113Z","cveId":"CVE-2024-9333","cweIds":["CWE-281"],"cvssScore":null,"cvssSeverity":null,"severity":"medium","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["M-Files","Microsoft Copilot"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00048,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.72,"researchCategory":null,"atlasIds":null}}