Advisory 2022-10/01 Unauthorized access and potential remote code execution
Unauthorized access and potential remote code execution
|Security Advisory Date||October 20, 2022|
|Vulnerability Type||Unauthorized access and potential remote code execution|
This vulnerability has a CVSS score of 9.3 with a critical severity rating
|Versions affected||FileCloud Versions 20.2 and later|
|Version fixed||FileCloud Version 22.214.171.12407 and later|
A specially crafted malformed HTTP request can potentially cause unauthorized remote code execution and access to reported API endpoints.
This has been fixed in FileCloud version 126.96.36.19907
What you should do to fix this vulnerability
- If you are using FileCloud Server, it is recommended that you update to the latest version, which is 188.8.131.5207 or greater. This will resolve the issue.
- If you are using FileCloud Online, your site has already been updated to the latest version.
If you have any questions about this advisory, please contact FileCloud support.