Advisory 2021-05/1 OpenSSL Vulnerability

CA Certificate Check Bypassed

Security Advisory Date: May 5, 2021
Vulnerability Type: Component with Known Vulnerability
Severity factors: See https://www.openssl.org/news/secadv/20210325.txt
Versions affected: All versions of FileCloud prior to 21.1.0.15081.
Version fixed: FileCloud Version 21.1.0.15081

Description

OpenSSL version 1.1.1h introduced an error, present in that version and newer, that allows a security check to be bypassed. The check confirms that non-CA certificates cannot issue other certificates. OpenSSL 1.1.1k fixes this issue.

The latest version of FileCloud includes the updated version of OpenSSL, 1.1.1k.

See the full description of the issue at https://www.openssl.org/news/secadv/20210325.txt.

Fix

This has been fixed in FileCloud version 21.1.0.15081, which includes the updated version of OpenSSL.

What you should do

  • If you are using a FileCloud on-premises installation, please update it to the latest version, which is 21.1.0.15081 or greater.
  • If you are using FileCloud online, your site has already been updated to the latest version.

If you have any questions about this advisory, please contact FileCloud support.
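
To find the on-premises installations that still need the update, the version numbers in this advisory can be applied to an inventory export. The following is an added example, not FileCloud or OpenSSL code; the inventory rows, host names, and function names are constructed, and the third column is assumed to be the `openssl version` output of the OpenSSL build each installation uses.

```python
import re

# Values taken from the advisory.
FIXED_FILECLOUD = (21, 1, 0, 15081)
FIRST_BAD, FIRST_FIXED = "h", "k"      # OpenSSL 1.1.1 patch letters

_OPENSSL_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)\b")

def _letter_key(letter):
    # "" (plain 1.1.1) < "a" < ... < "z" < "za": order by length, then text.
    return (len(letter), letter)

def openssl_status(version_text):
    """Classify `openssl version` output against the range in the advisory."""
    m = _OPENSSL_RE.search(version_text)
    if not m:
        return "unknown"
    if (m[1], m[2], m[3]) != ("1", "1", "1"):
        return "out-of-scope"          # the advisory only covers the 1.1.1 series
    key = _letter_key(m[4])
    if key < _letter_key(FIRST_BAD):
        return "not-affected"
    return "affected" if key < _letter_key(FIRST_FIXED) else "fixed"

def filecloud_needs_update(version_text):
    """True when a dotted FileCloud version is older than the fixed build.

    Raises ValueError on a malformed version so bad rows are not skipped silently.
    """
    parts = tuple(int(p) for p in version_text.strip().split("."))
    return parts < FIXED_FILECLOUD

# Constructed sample inventory: (host, FileCloud version, `openssl version` output).
INVENTORY = [
    ("fc-prod-01", "21.1.0.15081", "OpenSSL 1.1.1k  25 Mar 2021"),
    ("fc-prod-02", "20.3.2.13361", "OpenSSL 1.1.1i  8 Dec 2020"),
    ("fc-test-01", "20.1.0.11204", "OpenSSL 1.1.1g  21 Apr 2020"),
    ("fc-dr-01", "21.1.0.14500", "OpenSSL 1.1.1j  16 Feb 2021"),
]

def triage(inventory):
    """Map each host to (FileCloud needs update, OpenSSL status)."""
    return {host: (filecloud_needs_update(fc), openssl_status(ssl))
            for host, fc, ssl in inventory}

if __name__ == "__main__":
    for host, (update, status) in triage(INVENTORY).items():
        print(f"{host}: update FileCloud={update}, OpenSSL={status}")
```

A host that reports the fixed FileCloud version together with an "affected" OpenSSL status points at a mismatch between the installed package and the OpenSSL library actually in use, and is worth checking by hand.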