CVE-2023-36819

Name of the Vulnerable Software and Affected Versions Knowage versions 6.x.x through 8.1.7

Description The issue affects the Knowage suite, allowing authenticated users to exploit the templateName parameter in the /knowage/restful-services/dossier/importTemplateFile endpoint to download any file from the system. This is possible due to the lack of sanitization of the templateName parameter, enabling an attacker to use *../* and escape the directory where templates are normally placed. The result is that a low-privileged attacker can exfiltrate sensitive configuration files.

Recommendations For Knowage versions 6.x.x through 8.1.7, update to version 8.1.8 to resolve the issue. As a temporary workaround, consider restricting access to the /knowage/restful-services/dossier/importTemplateFile endpoint until the update can be applied. Additionally, limiting the use of the templateName parameter can help minimize the risk of exploitation.