2 matches found
CVE-2023-46851
Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could cause Allura to read local files and expose them. Exposing internal files then can lead to other exploits, like session hijacking, or remot...
CVE-2023-46851
CVE-2023-46851 affects Apache Allura 1.0.1–1.15.0, caused by importing attachments without restricting URL values, enabling reading of local files. This exposes internal files and can lead to exploits such as session hijacking or remote code execution. A fix is available in Allura 1.16.0. If upgr...