oss-sec mailing list archives

CVE-2023-29246: Apache OpenMeetings: allows null-byte Injection


From: Maxim Solodovnik <solomax () apache org>
Date: Fri, 12 May 2023 01:20:05 +0000

Severity: important

Affected versions:

- Apache OpenMeetings 2.0.0 before 7.1.0

Description:

An attacker who has gained access to an admin account can perform RCE via null-byte injection.

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0

This issue is being tracked as OPENMEETINGS-2765.

Credit:

Stefan Schiller (reporter)

References:

https://openmeetings.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-29246
https://issues.apache.org/jira/browse/OPENMEETINGS-2765

