Page tree
Skip to end of metadata
Go to start of metadata

Threat of Unauthenticated User Reading Unauthorized UI resources

Security Advisory DateJune 9, 2021
Vulnerability TypeLimited Arbitrary Fie Read
Severity factors

Low, because the user (authenticated or not) is able to read only zip files within the FileCloud installation.

Versions affectedAll versions of FileCloud prior to 21.1.1.15106, on-premises installations in Windows only. 
Version fixedFileCloud Version 21.1.1.15106

Description

On Windows, the core/ui endpoint potentially enabled an unauthenticated user to read the contents of a zip file within the FileCloud installation. 
The latest version of FileCloud fixes this by treating the string as invalid and returning a bad request error.

Fix

This has been fixed in FileCloud version 21.1.1.15106, which prevents sending of the request.

What you should do

  • If you are using a FileCloud on-premises installation in Windows, please update it to the latest version, which is 21.1.1.15106 or greater.
  • If you are using FileCloud online or using FileCloud on a non-Windows system, you are not affected.

If you have any questions about this advisory, please contact FileCloud support

  • No labels