util function vulnerability
Last revised: 2021-11-01
Summary
We have had a vulnerability reported in our utility controller used by Open-AudIT. The issue has been fixed and will be available in the next release of Open-AudIT.
If you require the fix now, please download the following file from github and copy it to:
. The vulnerability is caused by un-validated user input to a publicly available function. The patch removes this vulnerability by only allowing this function to be called from localhost as well as validating the user input.
Severity: Severe
This issue is remotely exploitable by unauthenticated users. All users are advised to patch immediately.
Products Affected
Open-AudIT Community versions 3.5.0 and later.
Available Updates
A patch for the issue described in this bulletin will be available in the next released Open-AudIT v4.3.0.
Workarounds and Mitigations
Download the attached file and place in:
Linux - ...
/usr/local/open-audit/code_igniter/application/controllers...
\util.php
Windows - c:\xampp\open-audit\code_igniter\application\controllers\util.php
The fix will work regardless of the version you are currently running.
The git patch details are below.
...
| View file | ||||
|---|---|---|---|---|
|
...
Apologies for any inconvenience caused.
...