Advisory 2021-05/1 OpenSSL Vulnerability
CA Certificate Check Bypassed
Security Advisory Date | May 5, 2021 |
Vulnerability Type | Component with Known Vulnerability |
Severity factors | See https://www.openssl.org/news/secadv/20210325.txt |
Versions affected | All versions of FileCloud prior to 21.1.0.15081. |
Version fixed | FileCloud Version 21.1.0.15081 |
Description
OpenSSL 1.1.1h introduced an error, also present in newer versions, that allows a security check to be bypassed. The check confirms that non-CA certificates cannot issue other certificates. OpenSSL 1.1.1k fixes this issue.
The latest version of FileCloud includes the updated version of OpenSSL, 1.1.1k.
See the full description of the issue at https://www.openssl.org/news/secadv/20210325.txt.
Fix
This has been fixed in FileCloud version 21.1.0.15081, which includes the updated version of OpenSSL.
What you should do
- If you are using a FileCloud on-premises installation, please update it to the latest version, which is 21.1.0.15081 or greater.
- If you are using FileCloud online, your site has already been updated to the latest version.
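The version thresholds in this advisory can be checked mechanically when triaging several on-premises hosts. The following is an added example, not FileCloud or OpenSSL code; the function names, hostnames and sample inventory values are constructed for illustration, and it assumes you have already collected each host's FileCloud version and `openssl version` banner.

```python
import re

# Thresholds taken from the advisory text above.
FIXED_FILECLOUD = (21, 1, 0, 15081)
FIRST_BAD_LETTER, FIXED_LETTER = "h", "k"   # OpenSSL 1.1.1h .. fixed in 1.1.1k

def filecloud_needs_update(version):
    """True if a dotted FileCloud version is older than the fixed build."""
    parts = tuple(int(p) for p in version.strip().split("."))
    parts += (0,) * (len(FIXED_FILECLOUD) - len(parts))  # "21.1" -> 21.1.0.0
    return parts < FIXED_FILECLOUD

def openssl_in_affected_range(banner):
    """True if an `openssl version` banner is 1.1.1h or newer but before 1.1.1k."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)", banner)
    if not m:
        raise ValueError("no OpenSSL version found in %r" % banner)
    if (int(m[1]), int(m[2]), int(m[3])) != (1, 1, 1):
        return False  # other release lines are outside the range the advisory names
    # Letter suffixes run a..z, then za, zb, ...; order by (length, text).
    def key(s):
        return (len(s), s)
    return key(FIRST_BAD_LETTER) <= key(m[4]) < key(FIXED_LETTER)

def triage(inventory):
    """Return (host, needs_update, openssl_in_range) for each inventory row."""
    return [(h, filecloud_needs_update(fc), openssl_in_affected_range(ssl))
            for h, fc, ssl in inventory]

# Constructed sample inventory: hostnames and FileCloud build numbers other than
# the fixed build are invented for illustration.
SAMPLE = [
    ("fc-prod-01", "21.1.0.15081", "OpenSSL 1.1.1k  25 Mar 2021"),
    ("fc-prod-02", "20.3.2.13270", "OpenSSL 1.1.1j  16 Feb 2021"),
    ("fc-test-01", "20.1.0.9000",  "OpenSSL 1.1.1g  21 Apr 2020"),
]

if __name__ == "__main__":
    for host, needs_update, in_range in triage(SAMPLE):
        action = "UPDATE" if needs_update else "ok"
        print(f"{host}: FileCloud {action}; OpenSSL in affected range: {in_range}")
```

The advisory lists every FileCloud build before 21.1.0.15081 as affected, so `needs_update` is the deciding column; the OpenSSL column only shows whether a reported library version falls in the range the description names.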
If you have any questions about this advisory, please contact FileCloud support.