Advisory: Preventing CSRF attacks against FileCloud

FileCloud version and earlier is vulnerable to cross-site request forgery (CSRF) attacks.
An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request by clicking on a malicious link or opening a malicious website.

A remote, unauthenticated attacker may be able to induce an authenticated user to make an unintentional request to the FileCloud server, which the server will treat as an authenticated request.


Update to FileCloud 14.0 or above to address this issue and to prevent such attacks.
Users are encouraged to view the release notes and update to the latest release.