Advisory 2022-03/2 Potential Improper Authorization Check Vulnerability

Improper authorization vulnerability

Security Advisory DateMarch 22, 2022
Vulnerability TypePotential unauthorized data access.
Severity factors

This vulnerability has a medium severity rating.

Versions affectedFileCloud Versions 20.2 and later
Version fixedFileCloud Version 21.3.3.18468

Description

This vulnerability enables authenticated users to change phone numbers of other users whose userids are known to them. 

Fix

This has been fixed in FileCloud version 21.3.3.18468.