CVE-2023-33498

Name of the Vulnerable Software and Affected Versions alist versions <=3.16.3

Description The issue concerns incorrect access control, allowing accounts with low privilege levels to upload any file. This can potentially lead to unauthorized access and data breaches. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited.

Recommendations For versions <=3.16.3, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting file upload capabilities to minimize the risk of exploitation. Avoid using file upload features with low-privilege accounts until the issue is resolved.