Skip to end of banner
Go to start of banner

Errata - 4.2.0, 3.5.0 and onwards util function vulnerability

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

util function vulnerability

Last revised: 2021-11-01

Summary

We have had a vulnerability reported in our utility controller used by Open-AudIT. The issue has been fixed and will be available in the next release of Open-AudIT. The vulnerability is caused by un-validated user input to a publicly available function. The patch removes this vulnerability by validating the user input.

Severity: Severe

This issue is remotely exploitable by unauthenticated users. All users are advised to patch immediately.

Products Affected

Open-AudIT Community versions 3.5.0 and later.

Available Updates

A patch for the issue described in this bulletin will be available in the next released Open-AudIT v4.3.0.

Workarounds and Mitigations

Download the attached file and replace the following file:

Linux - /usr/local/open-audit/code_igniter/application/controllers\util.php

Windows - c:\xampp\open-audit\code_igniter\application\controllers\util.php

The file is also available on Github at https://raw.githubusercontent.com/Opmantek/open-audit/master/code_igniter/application/controllers/util.php


You can view the associated commits also on Github at:

https://github.com/Opmantek/open-audit/commit/21547c1cd47d5e7f362d08febe1dfccf649fe5b1#diff-0d4f2e9612b02690fdeac430d36d1a8c334d6fb1e1d17c223cbfe5321b2bd04e

https://github.com/Opmantek/open-audit/commit/1ce039306d85598880ff25fbeb20195ef3b7a993#diff-0d4f2e9612b02690fdeac430d36d1a8c334d6fb1e1d17c223cbfe5321b2bd04e



  • No labels