Authorization

2023-08-0419:15:00

PRIOn knowledge base

www.prio-n.com

knowage

security vulnerability

unauthenticated upload

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.4%

JSON

Knowage is an open source analytics and business intelligence suite. Starting in the 6.x.x branch and prior to version 8.1.8, the endpoint /knowage/restful-services/dossier/importTemplateFile allows authenticated users to upload template file on the server, but does not need any authorization to be reached. When the JSP file is uploaded, the attacker just needs to connect to /knowageqbeengine/foo.jsp to gain code execution on the server. By exploiting this vulnerability, an attacker with low privileges can upload a JSP file to the knowageqbeengine directory and gain code execution capability on the server. This issue has been patched in Knowage version 8.1.8.

CPENameOperatorVersion
knowagege6.1.0
knowagelt8.1.8

CPE	Name	Operator	Version
	knowage	ge	6.1.0
	knowage	lt	8.1.8

References

github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-7mjh-73q3-c3fc