CVE-2022-32167

Name of the Vulnerable Software and Affected Versions Cloudreve versions v1.0.0 through v3.5.3

Description The issue is related to Stored Cross-Site Scripting (XSS) via the file upload functionality. A low-privileged user can share a file with an admin user, potentially leading to privilege escalation.

Recommendations For Cloudreve versions v1.0.0 through v3.5.3, consider disabling the file upload functionality until a patch is available to prevent exploitation. Restrict access to the file sharing feature to minimize the risk of privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.