Path traversal

2022-07-2723:15:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.4%

JSON

A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a higher directory level than intended.

CPENameOperatorVersion
goanywhere_managed_file_transferlt6.8.3

CPE	Name	Operator	Version
	goanywhere_managed_file_transfer	lt	6.8.3

References

my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml

www.goanywhere.com/support/advisory/68x

www.goanywhere.com/support/release-notes/mft?limit=0