CVE-2021-32516
QSAN Storage Manager - Path Traversal
In short
A flaw in QSAN Storage Manager lets attackers download any file from the server by manipulating file paths. This is dangerous because attackers can access sensitive data they shouldn't be able to reach.
Technical detail
Path traversal vulnerability in the share_link functionality allows unauthenticated remote attackers to bypass directory restrictions and download arbitrary files from the affected system. The vulnerability stems from insufficient input validation on file path parameters, enabling directory traversal sequences to access files outside intended directories.
Summary generated and translated by AI from the official description.
Path traversal vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
QSAN · Storage Manager