Breadcrumbs

Advisory 2022-03/2 Potential Improper Authorization Check Vulnerability

https://fileclouddocs.atlassian.net/wiki/plugins/servlet/confluence/placeholder/unknown-macro?name=customtitleandmetaform&locale=en_US&version=2

Improper authorization vulnerability

Security Advisory Date

March 22, 2022

Vulnerability Type

Potential unauthorized data access.

Severity factors

This vulnerability has a medium severity rating.

Versions affected

FileCloud Versions 20.2 and later

Version fixed

FileCloud Version 21.3.3.18468

Description

This vulnerability enables authenticated users to change phone numbers of other users whose userids are known to them. 

Fix

This has been fixed in FileCloud version 21.3.3.18468.