
CVE-2022-41217 - Cloudflow - Unauthenticated file upload vulnerability

CVE: CVE-2022-41217
Discovered by: Witold Gorecki
Credits
Affected products
Product Affected Unaffected Unknown
Hybrid Software Cloudflow on Windows, MacOS, Linux >= 2.x.y < 2.3.1 to < 2.3.1
everything else
Page author: Victor Pasman
CVSS Base score: 8.8 (HIGH)
References
Problem type(s): CWE-434: Unrestricted Upload of File with Dangerous Type
Impact(s): CAPEC-650 Upload a Web Shell to a Web Server
Solution(s): Upgrade to version 2.3.2 of Cloudflow
Last modified: 23 Feb 2023 12:56

Description

Cloudflow contains an unauthenticated file upload vulnerability that allows an attacker to upload malicious files to the CLOUDFLOW PROOFSCOPE built-in storage.

