Advisory 2021-06 Limited Arbitrary File Read

Threat of Unauthenticated User Reading Unauthorized UI resources

Security Advisory DateJune 9, 2021
Vulnerability TypeLimited Arbitrary Fie Read
Severity factors

Low, because the user (authenticated or not) is able to read only zip files within the FileCloud installation.

Versions affectedAll versions of FileCloud prior to, on-premises installations in Windows only. 
Version fixedFileCloud Version


On Windows, the core/ui endpoint potentially enabled an unauthenticated user to read the contents of a zip file within the FileCloud installation. 
The latest version of FileCloud fixes this by treating the string as invalid and returning a bad request error.


This has been fixed in FileCloud version, which prevents sending of the request.

What you should do

  • If you are using a FileCloud on-premises installation in Windows, please update it to the latest version, which is or greater.
  • If you are using FileCloud online or using FileCloud on a non-Windows system, you are not affected.

If you have any questions about this advisory, please contact FileCloud support