This can be exploited by a malicious third party to obtain sensitive data by reading the /management/users/profile endpoint, or by injecting malicious code into a file hosted on the server via the /management/files endpoint. Both of these issues have been resolved in Gravitee API Management before 1.25.3. An issue existed in the Email service in Gravitee API Management before 1.25.3 where path traversal in the /management/users/register endpoint could be used to read arbitrary files via a request. This could be exploited by a malicious third party to obtain sensitive data by reading the /management/users/profile endpoint, or by injecting malicious code into a file hosted on the server via the /management/files endpoint. Both of these issues have been resolved in Gravitee API Management before 1.25.3. An issue existed in the Email service in Gravitee API Management before 1.25.3 where the request path could be used to inject client-side code into a file via the /management/files endpoint. This could be exploited by a malicious third party to obtain sensitive data via the /management/files endpoint. Both of these issues have been resolved in Gravitee API Management before 1.25.3. An issue existed in the Mail Service in Gravitee API Management before 1.25.3 where the request path could be used to inject client-side code into a file via the /management/files endpoint. This could
Solution
The vulnerability has been resolved by updating to version 1.25.3 of the Gravitee API Management package.
Timeline
Published on: 08/23/2022 01:15:00 UTC
Last modified on: 08/25/2022 18:22:00 UTC