Outpost24

PT-2025-12973
CVSS: 10
Published: 2025-03-13
CrushFTP · CrushFTP · CVE-2025-2825
**Name of the Vulnerable Software and Affected Versions**

CrushFTP versions 10.0.0 through 10.8.3
CrushFTP versions 11.0.0 through 11.3.0

**Description**

The vulnerability in CrushFTP is an improper authentication flaw that allows remote, unauthenticated HTTP requests to gain unauthorized access. It can be exploited to impersonate a user, perform administrative actions, and retrieve data. Over 1,500 servers are at risk, and attackers are actively exploiting this flaw. Technically, the bypass relies on S3-style headers to circumvent authentication.

**Recommendations**

For CrushFTP versions 10.0.0 through 10.8.3, update to version 10.8.4 or later. For CrushFTP versions 11.0.0 through 11.3.0, update to version 11.3.1 or later. As a temporary workaround, restrict access to the vulnerable HTTP(S) ports until the patch is applied.