Description
FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process.
Remediation
References
https://fusionauth.io/docs/v1/tech/release-notes
https://github.com/FusionAuth/fusionauth-issues/issues/1983
Related Vulnerabilities
CVE-2023-33202 Vulnerability in maven package org.bouncycastle:bc-fips
CVE-2019-1003097 Vulnerability in maven package com.ds.tools.hudson:crowd
CVE-2021-21160 Vulnerability in maven package org.webjars.npm:electron
CVE-2020-2183 Vulnerability in maven package org.jenkins-ci.plugins:copyartifact
CVE-2022-25873 Vulnerability in maven package org.webjars.npm:vuetify