CVE-2023-51648

Name of the Vulnerable Software and Affected Versions Allegra version 7.5.0 Build 29

Description This issue allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this issue, the product implements a registration mechanism that can be used to create a new user with a sufficient privilege level. The specific flaw exists within the getFileContentAsString method, resulting from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this issue to disclose stored credentials, leading to further compromise.

Recommendations For Allegra version 7.5.0 Build 29, upgrade to a newer version to mitigate the risk of sensitive data exposure. As a temporary workaround, consider restricting access to the getFileContentAsString method until a patch is available.