An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule.
CPE | Name | Operator | Version |
---|---|---|---|
unitrends_backup | ge | 10.0 | |
unitrends_backup | lt | 10.5.5 |