CVE-2019-15630

Name of the Vulnerable Software and Affected Versions Mule Runtime versions 3.2.0 through 4.x MuleSoft API Gateway versions prior to August 1, 2019

Description The issue is related to directory traversal errors in the processing of relative paths to restricted directories. This can allow a remote attacker to gain unauthorized access to protected information. The vulnerability affects the APIkit, HTTP connector, and OAuth2 Provider components, enabling remote attackers to read files accessible to the Mule process.

Recommendations For Mule Runtime versions 3.2.0 through 4.x, update to a version released after August 1, 2019. For MuleSoft API Gateway versions prior to August 1, 2019, update to a version released after August 1, 2019. As a temporary workaround, consider restricting access to the vulnerable APIkit, HTTP connector, and OAuth2 Provider components until a patch is available.