PT-2023-22026 · Filerun · Filerun
Christian Pöschl
·
Publicado
2023-12-05
·
Atualizado
2023-12-11
·
CVE-2023-28876
CVSS v3.1
4.3
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Filerun versions through Update 20220202
Description
A Broken Access Control issue in comments to uploaded files allows attackers to delete comments on files uploaded by other users.
Recommendations
For versions through Update 20220202, update to a version later than Update 20220202 to resolve the issue. As a temporary workaround, consider restricting access to the comment deletion functionality to minimize the risk of exploitation.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Filerun