PT-2023-18754 · Smartbear · Smartbear Zephyr Enterprise

Published: 2023-03-08 · Updated: 2025-03-05 · CVE-2023-22890

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: SmartBear Zephyr Enterprise versions through 7.15.0

Description: The issue allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition.

Recommendations: For SmartBear Zephyr Enterprise versions through 7.15.0, restrict access to file upload functionality to prevent unauthenticated users from uploading large files until a patch is available. Consider implementing size limits on file uploads as a temporary mitigation measure.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2023-22890

Affected Products

Smartbear Zephyr Enterprise