CVE-2022-47878

Name of the Vulnerable Software and Affected Versions Jedox version 2020.2.5

Description The issue is related to incorrect input validation for the default-storage-path in the settings page, allowing remote, authenticated users to specify the location as the Webroot directory. This can lead to the execution of arbitrary code through consecutive file uploads.

Recommendations For Jedox version 2020.2.5, consider disabling the settings page or restricting access to the default-storage-path configuration to minimize the risk of exploitation. Avoid using the default-storage-path feature until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.