Advisory 2023-03/04 Minor Security Issue - Potential to Inadvertently Create Full Users
| Vulnerability type | Default automatic account approval type has been made stricter to prevent users from having unintended privileges. |
| Versions affected | FileCloud Versions 22.1 and earlier |
| Version fixed | FileCloud Version 22.1.1 and later |
Description
By default, FileCloud Versions 22.1 and earlier created accounts for users who newly logged in to FileCloud as automatically enabled accounts with Full privileges. To prevent the possibility of new users unintentionally being created with too many permissions, by default, FileCloud Versions 22.1.1 and later create accounts for users who newly log in as disabled accounts that require Admin approval before becoming active.
Fix
This vulnerability has been fixed in FileCloud version 22.1.1.20926.
What you should do to fix this vulnerability
- If you have already reset your Automatic Account Approval setting, you do not have to make any changes.
- If you are using FileCloud Server, it is recommended that you update to the latest version, which is 22.1.1.20926 or greater. This will resolve the issue.
- If you are using FileCloud Online, your site has already been updated to the latest version.
If you have any questions about this advisory, please contact FileCloud support.