Advisory 2022-03/1 Potential Improper Authorization Checks When Manipulating Share Properties
Potential improper authorization
Security Advisory Date | March 9, 2022 |
Vulnerability Type | Potential unauthorized data access |
Severity factors | This vulnerability has a medium severity rating. |
Versions affected | All versions of FileCloud prior to 21.3 |
Version fixed | FileCloud Version 21.3.2.18465 |
Description
This vulnerability enables potential manipulation of the share to allow unauthorized modifications to share properties. This issue requires an existing full user account in the system to attempt this unauthorized change and also requires high iteration algorithmic attempts to guess at the information in the share.
Fix
This has been fixed in FileCloud version 21.3.2.18465.
What you should do
- If you are using FileCloud on-premises, it is recommended that you update to the latest version, which is 21.3.2.18465 or greater. This will resolve the issue.
- If you are using FileCloud online, your site has already been updated to the latest version.
If you have any questions about this advisory, please contact FileCloud support.