Advisory 2022-06/01 Potential Unauthorized Data Access When Using Network Folders with NTFS Permissions

Potential unauthorized data access on network shares with NTFS permissions

Security Advisory DateJune 10, 2022
Vulnerability TypeUnauthorized data access
Severity factors

This vulnerability has a CVSS score of 4.3 with a Medium severity rating.
Under some conditions, network folders with NTFS permissions might allow authenticated users potential unauthorized data access.

Versions affectedFileCloud Versions 21.2 and later
Version fixedFileCloud Version 21.3.5.18513
SourceRalph Meier and Andrea Hauser from scip AG

Description

Using NTFS paths, authenticated FileCloud users are potentially able to perform unauthorized downloads of files in network shares if the file paths are known to them.

Fix

This has been fixed in FileCloud version 21.3.5.18513.

What you should do to fix these vulnerabilities

  • If you are using FileCloud on-premises, it is recommended that you update to the latest version, which is 21.3.5.18513 or greater. This will resolve the issue.
  • If you are using FileCloud online, your site has already been updated to the latest version.

If you have any questions about this advisory, please contact FileCloud support.