
List:       oss-security
Subject:    [oss-security] CVE-2022-44635: Apache Fineract allowed an authenticated user to perform remote code 
From:       Arnout Engelen <engelen () apache ! org>
Date:       2022-11-29 14:21:52
Message-ID: e3f656ef-0bb1-edf0-57f8-d62352a6675a () apache ! org

Severity: important

Description:

Apache Fineract allowed an authenticated user to perform remote code execution due to a path
traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to
run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We
recommend that users upgrade to 1.8.1.

Credit:

We would like to thank Aman Sapra, co-captain of the Super Guesser CTF team & Security
researcher at CRED, for reporting this issue, and the Apache Security team for their
assistance. We give kudos and karma to @Aleksandar Vidakovic for resolving this CVE.
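
The advisory names the bug class (path traversal in a file upload component) but not the code involved. The following Java example is added here for illustration and is not Fineract's code or its 1.8.1 fix; it shows the containment check a defender applies to a client-supplied upload name, and `UploadPathCheck`, `resolveUpload` and the sample names are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class UploadPathCheck {

    // Hypothetical helper (not Fineract code): resolve a client-supplied file
    // name under baseDir and reject anything that would land outside it.
    static Path resolveUpload(Path baseDir, String clientName) throws IOException {
        if (clientName == null || clientName.isEmpty() || clientName.indexOf('\0') >= 0) {
            throw new SecurityException("empty or malformed file name");
        }
        // Canonical base with symlinks resolved, so the prefix check is meaningful.
        Path base = baseDir.toRealPath();
        // normalize() collapses "." and ".." segments. An absolute clientName
        // replaces the base in resolve(); the check below rejects that too.
        Path target = base.resolve(clientName).normalize();
        // Path.startsWith compares whole path elements, so a sibling such as
        // /srv/uploads-other does not pass as a child of /srv/uploads.
        if (target.equals(base) || !target.startsWith(base)) {
            throw new SecurityException("file name escapes upload directory");
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("uploads");
        // Constructed sample names: two legitimate, three that must be rejected.
        String[] names = {
            "statement.pdf",
            "docs/2022/statement.pdf",
            "../../outside.txt",
            "docs/../../outside.txt",
            "/tmp/absolute.txt"
        };
        for (String name : names) {
            try {
                System.out.println("ACCEPT " + name + " -> " + resolveUpload(base, name));
            } catch (SecurityException e) {
                System.out.println("REJECT " + name + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The check covers names that escape through `..` segments or absolute paths; it does not follow symlinks that already exist inside the upload directory, so that directory should not contain any.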

