CA Certificate Check Bypassed
| Security Advisory Date | May 5, 2021 |
| Vulnerability Type | Component with Known Vulnerability |
| Severity factors | See https://www.openssl.org/news/secadv/20210325.txt |
| Versions affected | All versions of FileCloud prior to 22.214.171.12481. |
| Version fixed | FileCloud Version 126.96.36.19981 |
Starting with version 1.1.1h, OpenSSL contained an error that made it possible to bypass a security check. That check confirms that non-CA certificates cannot issue other certificates. OpenSSL 1.1.1k fixes this issue.
The latest version of FileCloud includes the updated version of OpenSSL, 1.1.1k.
See the full description of the issue at https://www.openssl.org/news/secadv/20210325.txt.
This has been fixed in FileCloud version 188.8.131.5281, which includes the updated version of OpenSSL.
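To check whether an OpenSSL build reports a version in the affected range described above (1.1.1h up to, but not including, 1.1.1k), the following Python example parses a version banner and compares it. It is an added example, not FileCloud or OpenSSL code; the function names and the sample banners are constructed for illustration.

```python
import re
import ssl

# Range taken from the advisory text: the flaw entered in 1.1.1h and is
# fixed in 1.1.1k, so 1.1.1h, 1.1.1i and 1.1.1j are the affected releases.
FIRST_AFFECTED = (1, 1, 1, "h")
FIRST_FIXED = (1, 1, 1, "k")

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)")

# Constructed sample banners in the format printed by `openssl version`.
SAMPLE_BANNERS = [
    "OpenSSL 1.1.1g  21 Apr 2020",
    "OpenSSL 1.1.1h  22 Sep 2020",
    "OpenSSL 1.1.1j  16 Feb 2021",
    "OpenSSL 1.1.1k  25 Mar 2021",
]


def parse_openssl_version(text):
    """Return (major, minor, patch, letter) from an OpenSSL version banner."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    major, minor, patch, letter = match.groups()
    return (int(major), int(minor), int(patch), letter)


def is_affected(text):
    """True if the reported version lies in [1.1.1h, 1.1.1k)."""
    version = parse_openssl_version(text)
    # Tuple comparison orders the numeric parts first and the letter
    # suffix last, so '' < 'h' < 'k' within the 1.1.1 series.
    return FIRST_AFFECTED <= version < FIRST_FIXED


def report(banners):
    """Map each banner to whether it falls in the affected range."""
    return {banner: is_affected(banner) for banner in banners}


if __name__ == "__main__":
    # Also check the OpenSSL library this Python interpreter is linked against.
    for banner, hit in report(SAMPLE_BANNERS + [ssl.OPENSSL_VERSION]).items():
        print(f"{'AFFECTED' if hit else 'ok':8}  {banner}")
```

A distribution package may carry a backported fix without changing the reported version letter, so treat a positive result as a prompt to check the vendor's package changelog.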
What you should do
- If you are using a FileCloud on-premises installation, please update it to the latest version, which is 184.108.40.20681 or greater.
- If you are using FileCloud online, your site has already been updated to the latest version.
If you have any questions about this advisory, please contact FileCloud support.