PT-2022-6879 · Zscaler · Zscaler Proxy

Federella · Published 2022-08-31 · Updated 2023-09-07 · CVE-2023-41717

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Zscaler Proxy versions 3.6.1.25 and prior

Description: The issue stems from inadequate file type control, which a local attacker can exploit to bypass file download and upload restrictions. By sending specially crafted requests, an attacker can potentially elevate their privileges, circumventing the intended security limitations.

Recommendations: For Zscaler Proxy versions 3.6.1.25 and prior, consider restricting access to the proxy server until a patch is available. As a temporary workaround, limit the types of files that can be uploaded or downloaded to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Unrestricted File Upload

Files Accessible to External Parties

Weakness Enumeration

Related Identifiers

BDU:2023-05312
CVE-2023-41717

Affected Products

Zscaler Proxy