Impact
Attackers can read arbitrary files on affected versions of melisplatform/melis-asset-manager, leading to the disclosure of sensitive information. Conducting this attack does not require authentication.
Users should immediately upgrade to melisplatform/melis-asset-manager >= 5.0.1.
Patches
This issue was addressed by restricting access to files to intended directories only.
References
For more information
If you have any questions or comments about this advisory, you can contact:
- The original reporters, by sending an email to vulnerability.research [at] sonarsource.com;
- The maintainers, by opening an issue on this repository.
Impact
Attackers can read arbitrary files on affected versions of
melisplatform/melis-asset-manager, leading to the disclosure of sensitive information. Conducting this attack does not require authentication.Users should immediately upgrade to
melisplatform/melis-asset-manager>= 5.0.1.Patches
This issue was addressed by restricting access to files to intended directories only.
References
For more information
If you have any questions or comments about this advisory, you can contact: