CVE-2023-6070

Name of the Vulnerable Software and Affected Versions ESM versions prior to 11.6.8

Description A server-side request forgery issue allows a low-privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn't parse for invalid data.

Recommendations For versions prior to 11.6.8, update to version 11.6.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the certificate validation functionality to minimize the risk of exploitation.