PT-2023-18754 · Smartbear · Smartbear Zephyr Enterprise

Published 2023-03-08 · Updated 2025-03-05 · CVE-2023-22890

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: SmartBear Zephyr Enterprise versions through 7.15.0

Description: The issue allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition.

Recommendations: For SmartBear Zephyr Enterprise versions through 7.15.0, restrict access to file upload functionality to prevent unauthenticated users from uploading large files until a patch is available. Consider implementing size limits on file uploads as a temporary mitigation measure.
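
The two recommended controls, as an added example (not SmartBear's code and not part of the advisory): a hypothetical upload handler `save_upload` that refuses unauthenticated requests, enforces the size cap on the bytes actually received rather than on the client-supplied Content-Length, and keeps a free-space reserve on the target volume. All names and limit values are assumptions.

```python
import os
import shutil
import tempfile

MAX_UPLOAD_BYTES = 10 * 1024 * 1024  # assumed cap; size it to the largest legitimate attachment
MIN_FREE_BYTES = 1024 ** 3           # assumed reserve that uploads may never eat into
CHUNK = 64 * 1024


class UploadRejected(Exception):
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status  # HTTP status the caller should return


def save_upload(stream, dest_dir, authenticated, declared_length=None,
                max_bytes=MAX_UPLOAD_BYTES, min_free=MIN_FREE_BYTES):
    """Store one upload; refuse anonymous, oversized or disk-threatening requests."""
    if not authenticated:
        raise UploadRejected(401, "authentication required")
    # Cheap early reject. Content-Length is client-controlled, so it is not the only check.
    if declared_length is not None and declared_length > max_bytes:
        raise UploadRejected(413, "declared length exceeds limit")
    # Refuse if a maximum-size upload would cut into the reserve.
    if shutil.disk_usage(dest_dir).free - max_bytes < min_free:
        raise UploadRejected(507, "insufficient free space")
    fd, tmp_path = tempfile.mkstemp(dir=dest_dir, prefix="upload-", suffix=".part")
    written = 0
    try:
        with os.fdopen(fd, "wb") as out:
            while True:
                chunk = stream.read(CHUNK)
                if not chunk:
                    break
                written += len(chunk)
                if written > max_bytes:  # counts real bytes, covers chunked or lying clients
                    raise UploadRejected(413, "body exceeds limit")
                out.write(chunk)
    except BaseException:
        os.unlink(tmp_path)  # never leave a partial file consuming space
        raise
    final_path = tmp_path[:-len(".part")]
    os.rename(tmp_path, final_path)
    return final_path, written
```

Where the application itself cannot be changed, the same cap and access restriction belong on whatever proxy or gateway sits in front of the upload endpoint.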

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2023-22890

Affected Products

Smartbear Zephyr Enterprise