Knowage Server vulnerable to path traversal via upload functionality
Description
Knowage is an open source analytics and business intelligence suite. Starting in the 6.x.x branch and prior to version 8.1.8, the endpoint /knowage/restful-services/dossier/importTemplateFile allows authenticated users to upload template file on the server, but does not need any authorization to be reached. When the JSP file is uploaded, the attacker just needs to connect to /knowageqbeengine/foo.jsp to gain code execution on the server. By exploiting this vulnerability, an attacker with low privileges can upload a JSP file to the knowageqbeengine directory and gain code execution capability on the server. This issue has been patched in Knowage version 8.1.8.
Affected products
1- Range: >= 6.0.0, < 8.1.8
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-7mjh-73q3-c3fcmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.