=====================================================================

                                CERT-Renater

                      Note d'Information No. 2023/VULN459

_____________________________________________________________________

DATE                : 08/11/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Allura versions prior to
                     1.16.0.

=====================================================================
https://lists.apache.org/thread/hqk0vltl7qgrq215zgwjfoj0khbov0gx
_____________________________________________________________________

CVE-2023-46851: Apache Allura: sensitive information exposure via
import


Severity: critical

Affected versions:

- Apache Allura 1.0.1 through 1.15.0

Description:

Allura Discussion and Allura Forum importing does not restrict URL
values specified in attachments. Project administrators can run these
imports, which could cause Allura to read local files and expose them.
Exposing internal files can then lead to other exploits, such as
session hijacking or remote code execution.


This issue affects Apache Allura from 1.0.1 through 1.15.0.

Users are recommended to upgrade to version 1.16.0, which fixes the
issue. If you are unable to upgrade, set the following in your .ini
config file:

    disable_entry_points.allura.importers = forge-tracker, forge-discussion
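
The kind of restriction the description says was missing, shown as an
added example that is not taken from the Allura code base or from its
1.16.0 fix: a scheme allowlist applied to every attachment URL in an
import document before anything is fetched. The JSON layout, the sample
URLs and all function names are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

# Assumption: import attachments only ever need to be fetched over HTTP(S).
ALLOWED_SCHEMES = {"http", "https"}

# Constructed sample import document (hypothetical layout, not an Allura export).
SAMPLE_IMPORT = json.loads("""
{"threads": [{"subject": "Release notes", "posts": [
  {"text": "first post", "attachments": [
    {"url": "https://example.org/files/notes.txt"},
    {"url": "file:///srv/app/production.ini"}]},
  {"text": "second post", "attachments": [
    {"url": "/srv/app/session.key"},
    {"url": "FILE://localhost/srv/app/production.ini"}]}
]}]}
""")


def is_allowed_attachment_url(url):
    """Return True only for absolute http(s) URLs that name a host."""
    if not isinstance(url, str):
        return False
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    # urlsplit lowercases the scheme, so "FILE://" is rejected as well.
    return parts.scheme in ALLOWED_SCHEMES and bool(parts.hostname)


def iter_attachment_urls(node):
    """Walk nested dicts and lists, yielding every attachment "url" value."""
    if isinstance(node, dict):
        for att in node.get("attachments") or []:
            if isinstance(att, dict):
                yield att.get("url")
        for value in node.values():
            yield from iter_attachment_urls(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_attachment_urls(item)


def rejected_urls(doc):
    """List the attachment URLs that must block the import."""
    return [u for u in iter_attachment_urls(doc)
            if not is_allowed_attachment_url(u)]
```

An import containing any rejected URL should be refused as a whole
rather than processed with the offending attachments skipped.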


Credit:

Stefan Schiller (Sonar) (finder)


References:

https://allura.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-46851


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
