PT-2018-4964 · Codelathe · Filecloud
Stéphane Adamiste · Published 2018-07-13 · Updated 2022-04-22
CVE-2016-6578
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
CodeLathe FileCloud versions 13.0.0.32841 and earlier
Description
The issue allows an attacker to perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. This is due to a global cross-site request forgery (CSRF) vulnerability.
Recommendations
Update CodeLathe FileCloud to a version later than 13.0.0.32841 to resolve the issue. As a temporary workaround, consider implementing additional CSRF protection measures to minimize the risk of exploitation.
Fix
CSRF
Affected Products
Filecloud