Skip to end of banner
Go to start of banner

Errata - 4.2.0 / 3.5.0 util function vulnerability

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

util function vulnerability

Last revised: 2021-11-01

Summary

We have had a vulnerability reported in our utility controller used by Open-AudIT. The issue has been fixed and will be available in the next release of Open-AudIT. The vulnerability is caused by un-validated user input to a publicly available function. The patch removes this vulnerability by only allowing this function to be called from localhost as well as validating the user input.

Severity: Severe

This issue is remotely exploitable by unauthenticated users. All users are advised to patch immediately.

Products Affected

Open-AudIT Community versions 3.5.0 and later.

Available Updates

A patch for the issue described in this bulletin will be available in the next released Open-AudIT v4.3.0.

Workarounds and Mitigations

Download the attached file and place in:

Linux - /usr/local/open-audit/code_igniter/application/controllers\util.php
Windows - c:\xampp\open-audit\code_igniter\application\controllers\util.php

  • No labels