Potential unauthorized data access on network shares with NTFS permissions
|Security Advisory Date||June 10, 2022|
|Vulnerability Type||Unauthorized data access|
This vulnerability has a CVSS score of 4.3 with a Medium severity rating.
|Versions affected||FileCloud Versions 21.2 and later|
|Version fixed||FileCloud Version 188.8.131.5213|
|Source||Ralph Meier and Andrea Hauser from scip AG|
Using NTFS paths, authenticated FileCloud users are potentially able to perform unauthorized downloads of files in network shares if the file paths are known to them.
This has been fixed in FileCloud version 184.108.40.20613.
What you should do to fix these vulnerabilities
- If you are using FileCloud on-premises, it is recommended that you update to the latest version, which is 220.127.116.1113 or greater. This will resolve the issue.
- If you are using FileCloud online, your site has already been updated to the latest version.
If you have any questions about this advisory, please contact FileCloud support.