List: oss-security
Subject: [oss-security] CVE-2022-44635: Apache Fineract allowed an authenticated user to perform remote code
From: Arnout Engelen <engelen () apache ! org>
Date: 2022-11-29 14:21:52
Message-ID: e3f656ef-0bb1-edf0-57f8-d62352a6675a () apache ! org
Severity: important
Description:
Apache Fineract allowed an authenticated user to perform remote code execution due to a path
traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to
run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We
recommend users to upgrade to 1.8.1.
Credit:
We would like to thank Aman Sapra, co-captain of the Super Guesser CTF team & Security
researcher at CRED, for reporting this issue, and the Apache Security team for their
assistance. We give kudos and karma to @Aleksandar Vidakovic for resolving this CVE.