Headline
CVE-2022-39833: Advisory 2022-10/01 Unauthorized access and potential remote code execution
FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request.
Security Advisory Date
October 20, 2022
Vulnerability Type
Unauthorized access and potential remote code execution
Severity factors
This vulnerability has a CVSS score of 9.3 with a critical severity rating
Versions affected
FileCloud Versions 20.2 and later
Version fixed
FileCloud Version 21.3.7.18607 and later
Description
A specially crafted malformed HTTP request can potentially cause unauthorized remote code execution and access to reported API endpoints.
Fix
This has been fixed in FileCloud version 21.3.7.18607
What you should do to fix this vulnerability
- If you are using FileCloud Server, it is recommended that you update to the latest version, which is 21.3.7.18607 or greater. This will resolve the issue.
- If you are using FileCloud Online, your site has already been updated to the latest version.
If you have any questions about this advisory, please contact FileCloud support.