CVE-2023-51639
CVSS 3.0 Score 9.8 of 10 (critical)
Details
Summary
CVE-2023-51639 is a directory traversal authentication bypass vulnerability affecting Allegra's downloadExportedChart action. No authentication is required for exploitation. The flaw results from insufficient validation of user-supplied paths before they are used in file operations. An attacker can leverage it to traverse directories and bypass the system's authentication, potentially gaining unauthorized access, which poses a significant risk for affected installations. The issue was previously identified as ZDI-CAN-22361.
Affected Products
- Allegra