
=====================================================================

                                CERT-Renater

                    Information Note No. 2022/VULN438

_____________________________________________________________________

DATE                : 29/11/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Fineract versions prior
                     to 1.8.1.

=====================================================================
https://lists.apache.org/thread/t8q6fmh3o6yqmy69qtqxppk9yg9wfybg
_____________________________________________________________________

CVE-2022-44635: Apache Fineract allowed an authenticated user to
perform remote code execution due to path traversal


Severity: important

Description:

Apache Fineract allowed an authenticated user to perform remote code
execution due to a path traversal vulnerability in a file upload
component of Apache Fineract. This issue affects Apache Fineract
version 1.8.0 and prior versions. We recommend that users upgrade to
1.8.1.
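The defect class here is a client-controlled file name reaching the filesystem unchecked. The following is an added illustration, not code from the advisory or from Apache Fineract, of the containment check an upload handler needs: it rejects traversal components under both separator styles, NUL bytes and dot-names, applies an extension allowlist, and re-verifies the resolved path against the resolved root (the upload root path and allowlist are assumed values).

```python
import os
from pathlib import Path, PurePosixPath, PureWindowsPath

# Hypothetical upload root for this example (not a Fineract path). A real
# deployment keeps this directory outside anything served or loaded as code.
UPLOAD_ROOT = Path("/srv/upload-root")
ALLOWED_EXTENSIONS = {".pdf", ".png", ".jpg", ".csv"}  # allowlist, never a denylist


class UnsafeFilename(ValueError):
    pass


def safe_upload_path(root: Path, supplied_name: str) -> Path:
    """Map a client-supplied file name onto a path strictly inside `root`.

    `supplied_name` is expected to be already URL-decoded by the web layer;
    checking an encoded name would let '%2F' slip through as plain text.
    """
    if not supplied_name or "\x00" in supplied_name:
        raise UnsafeFilename("empty name or NUL byte")
    # Treat '/' and '\\' as separators regardless of host OS, so '..\\..\\x'
    # is not accepted merely because the server happens to be POSIX.
    if (PurePosixPath(supplied_name).name != supplied_name
            or PureWindowsPath(supplied_name).name != supplied_name):
        raise UnsafeFilename("directory components or drive letters not allowed")
    if supplied_name.startswith("."):
        raise UnsafeFilename("'.', '..' and hidden names not allowed")
    if Path(supplied_name).suffix.lower() not in ALLOWED_EXTENSIONS:
        raise UnsafeFilename("extension not in allowlist")
    root_resolved = root.resolve()
    candidate = (root_resolved / supplied_name).resolve()
    # Defence in depth: containment check on the fully resolved paths.
    if os.path.commonpath([root_resolved, candidate]) != str(root_resolved):
        raise UnsafeFilename("resolved path escapes the upload root")
    return candidate


def is_accepted(name: str) -> bool:
    """True if `name` would be stored, False if any check rejects it."""
    try:
        safe_upload_path(UPLOAD_ROOT, name)
        return True
    except UnsafeFilename:
        return False
```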

Credit:

We would like to thank Aman Sapra, co-captain of the Super Guesser
CTF team and security researcher at CRED, for reporting this issue,
and the Apache Security team for their assistance. We give kudos
and karma to @Aleksandar Vidakovic for resolving this CVE.


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================


