3 matches found
CVE-2023-38702
Knowage is an open source analytics and business intelligence suite. Starting in the 6.x.x branch and prior to version 8.1.8, the endpoint /knowage/restful-services/dossier/importTemplateFile allows authenticated users to upload template file on the server, but does not need any authorization to ...
CVE-2023-38702 Knowage Server vulnerable to path traversal via upload functionality
Knowage is an open source analytics and business intelligence suite. Starting in the 6.x.x branch and prior to version 8.1.8, the endpoint /knowage/restful-services/dossier/importTemplateFile allows authenticated users to upload template file on the server, but does not need any authorization to ...
CVE-2023-38702
Knowage (open source analytics BI suite) prior to 8.1.8 is affected by CVE-2023-38702. An unauthenticated user can reach the endpoint /knowage/restful-services/dossier/importTemplateFile and upload a template file to the knowageqbeengine directory. Uploading a JSP file to that directory enables c...