PT-2023-13641 · Qaelum · Qaelum Dose

Published 2023-02-15 · Updated 2025-03-19 · CVE-2022-38731

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Qaelum DOSE versions 18.08 through 21.1 before 21.2

Description: The application is vulnerable to directory traversal via the name parameter of the loadimages endpoint, which lets a user specify an arbitrary location on the server's filesystem from which to load an image. Although only images are displayed to the attacker, all other files are still loaded from disk, just not displayed. Because the Content-Type response header reflects the actual content type of the requested file, an attacker can use it to enumerate files on the local system. In addition, remote resources can be requested via a UNC path, which lets an attacker coerce the server into authenticating to the attacker's machine.

Recommendations: For Qaelum DOSE versions 18.08 through 21.1 before 21.2, update to version 21.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the loadimages parameter to minimize the risk of exploitation. Avoid using the loadimages name parameter in the affected API endpoint until the issue is resolved.
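The bug class above (a client-controlled file name joined onto an image directory) and one way to close it, as an added example that is not Qaelum's code: the endpoint functions, the image root layout and the allowed-type table are assumptions used only to illustrate the advisory. The safe variant rejects traversal, absolute, drive-letter and UNC names syntactically, checks the resolved path against the image root (so symlinks are covered too), and serves the Content-Type from an allowlist rather than from the file on disk, which removes the type-reflection leak the description mentions.

```python
"""Validating a user-supplied image name before loading it from disk.

Example code added to this advisory; it is not Qaelum's code. The
vulnerable_image_path/safe_image_path functions, the image root layout and
the allowed-type table are assumptions used to illustrate the bug class the
advisory describes and one way to close it."""
import os
import re
import tempfile

# Allowed image types. The response Content-Type comes from this table, not
# from inspecting the file, so a non-image file is never loaded and its real
# type is never reflected back to the client.
ALLOWED_TYPES = {".png": "image/png", ".jpg": "image/jpeg", ".jpeg": "image/jpeg"}

# Drive-letter ("C:") and UNC ("\\host\share", "//host/share") prefixes.
# These must be rejected before joining, because os.path.join discards the
# base directory when the second argument is absolute.
_DRIVE_OR_UNC = re.compile(r"^(?:[A-Za-z]:|\\\\|//)")


def vulnerable_image_path(image_root: str, name: str) -> str:
    """The naive pattern the advisory describes: join whatever the client
    sent onto the image root. '../' sequences, absolute paths and UNC paths
    all escape image_root, and any file type gets loaded."""
    return os.path.join(image_root, name)


def safe_image_path(image_root: str, name: str) -> tuple[str, str]:
    """Return (absolute path, content type) for an allowed image name, or
    raise ValueError. The name is validated syntactically first, then the
    resolved path is checked to still lie inside image_root."""
    if not name or "\x00" in name or "\\" in name:
        raise ValueError("invalid characters in image name")
    if name.startswith("/") or _DRIVE_OR_UNC.match(name):
        raise ValueError("absolute, drive-letter and UNC paths are not allowed")
    if any(part in ("", ".", "..") for part in name.split("/")):
        raise ValueError("relative path components are not allowed")
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED_TYPES:
        raise ValueError("not an allowed image type")
    root = os.path.realpath(image_root)
    candidate = os.path.realpath(os.path.join(root, name))
    # realpath follows symlinks, so a link inside image_root that points
    # outside it is caught here as well.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("resolved path escapes the image directory")
    return candidate, ALLOWED_TYPES[ext]


def make_demo_root() -> tuple[str, str, bool]:
    """Constructed fixture: <base>/images/ok.png inside the image root,
    <base>/secret.txt outside it, and (where symlinks are permitted) a
    link.png inside the root that points at the outside file. Returns
    (base, root, link_created)."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "images")
    os.mkdir(root)
    with open(os.path.join(root, "ok.png"), "wb") as fh:
        fh.write(b"\x89PNG\r\n\x1a\n")
    with open(os.path.join(base, "secret.txt"), "w") as fh:
        fh.write("not an image\n")
    try:
        os.symlink(os.path.join(base, "secret.txt"), os.path.join(root, "link.png"))
        link_created = True
    except OSError:
        link_created = False
    return base, root, link_created


def check(image_root: str, name: str) -> str:
    """Convenience wrapper: the Content-Type that would be served, or the
    reason the name was refused."""
    try:
        return safe_image_path(image_root, name)[1]
    except ValueError as exc:
        return f"refused: {exc}"


if __name__ == "__main__":
    base, root, _ = make_demo_root()
    for name in ("ok.png", "../secret.txt", "/etc/hosts", "C:/Windows/win.ini",
                 "//example-host/share/x.png", "link.png", "notes.txt"):
        print(f"{name!r:32} naive -> {os.path.normpath(vulnerable_image_path(root, name))}")
        print(f"{'':32} safe  -> {check(root, name)}")
```

Run stand-alone, the script prints, for each constructed name, where the naive join would read from and what the hardened check returns; only "ok.png" is served, and with a fixed image/png type regardless of what the file actually contains.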

Fix

DoS

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2022-38731

Affected Products

Qaelum Dose