CVE-2022-29062: Fortiguard

Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR before 7.2.1 allow an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests.


**PSIRT Advisories**

FortiSOAR - Path traversal vulnerabilities in the web API

Summary

Multiple relative path traversal vulnerabilities [CWE-23] in the web API of FortiSOAR may allow an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests.

Affected Products

FortiSOAR version 7.2.0
FortiSOAR version 7.0.0 through 7.0.2

Solutions

Please upgrade to FortiSOAR version 7.2.1 or above
Please upgrade to FortiSOAR version 7.0.3 or above

Acknowledgement

Fortinet is pleased to thank security researchers Ryan Catterall and OJ Reeves of Beyond Binary for discovering and reporting this vulnerability under responsible disclosure.
