A severe security flaw has been identified in FileSender, the popular web-based application that allows authenticated users to securely send large files. The vulnerability, tracked as CVE-2024-45186, was discovered by security researcher Jonathan Bouman. It is a server-side template injection vulnerability that allows unauthenticated users to retrieve server credentials, putting sensitive data and systems at risk.
FileSender’s vulnerability affects versions below 2.49 and 3.x beta, potentially compromising the integrity of deployments using the platform. The flaw allows unauthorized users to exploit the server’s template processing function, gaining access to critical credentials stored on the server. Although the CVSS score of 7.9 indicates the issue is not critical for every installation, the potential exposure of credentials demands immediate attention from users.
GÉANT does not necessarily endorse any opinion, real or implied, expressed by the poster.