CVE-2023-48185

Name of the Vulnerable Software and Affected Versions TerraMaster versions v.s1.0 through v.2.295

Description The issue allows a remote attacker to obtain sensitive information via a crafted GET request. This is a Directory Traversal vulnerability, which enables access to files and directories that are not intended to be accessible.

Recommendations For TerraMaster versions v.s1.0 through v.2.295, as a temporary workaround, consider restricting access to sensitive information until a patch is available. Avoid using crafted GET requests in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.