Avide-Zerbetto

**Name of the Vulnerable Software and Affected Versions** Knowage versions 6.x.x through 8.1.7 **Description** The issue affects the Knowage suite, allowing authenticated users to exploit the ` templateName ` parameter in the `/knowage/restful-services/dossier/importTemplateFile` endpoint to download any file from the system. This is possible due to the lack of sanitization of the ` templateName ` parameter, enabling an attacker to use `*../*` and escape the directory where templates are normally placed. The result is that a low-privileged attacker can exfiltrate sensitive configuration files. **Recommendations** For Knowage versions 6.x.x through 8.1.7, update to version 8.1.8 to resolve the issue. As a temporary workaround, consider restricting access to the `/knowage/restful-services/dossier/importTemplateFile` endpoint until the update can be applied. Additionally, limiting the use of the ` templateName ` parameter can help minimize the risk of exploitation.