FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-11-28T00:00:00
Updated: 2024-08-03T14:24:03.214Z
Reserved: 2022-11-27T00:00:00
Link: CVE-2022-45921
NVD
Status: Analyzed
Published: 2022-11-28T21:15:10.747
Modified: 2022-12-01T23:07:57.327
Link: CVE-2022-45921