ColdFusion versions 2023.6, 2021.12 and earlier are...
High severity
Unreviewed
Published
Mar 18, 2024
to the GitHub Advisory Database
•
Updated Mar 18, 2024
Description
Published by the National Vulnerability Database
Mar 18, 2024
Published to the GitHub Advisory Database
Mar 18, 2024
Last updated
Mar 18, 2024
ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction.
References