Stéphane Adamiste

**Name of the Vulnerable Software and Affected Versions** CodeLathe FileCloud versions 13.0.0.32841 and earlier **Description** The issue allows an attacker to perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. This is due to a global cross-site request forgery (CSRF) vulnerability. **Recommendations** For CodeLathe FileCloud versions 13.0.0.32841 and earlier, update to a version later than 13.0.0.32841 to resolve the issue. As a temporary workaround, consider implementing additional CSRF protection measures to minimize the risk of exploitation.