This is a security advisory regarding the authenticated local file disclosure vulnerability in inline image handling in AssetExplorer, which has been identified and rectified. AssetExplorer users with version 6976 and below might be affected.
This vulnerability can allow an adversary to download local files from the server on which AssetExplorer is installed. Using compromised technician or admin login credentials, the adversary can fetch any local file from the AssetExplorer server by sending an email notification from the application that contains a crafted image URL. If a file exists at the referenced location, it is sent as an attachment to that notification.
What led to the vulnerability?
The crafted image URL was not processed properly when an email notification was sent from the compromised technician or admin account.
Who is affected?
This vulnerability affects AssetExplorer customers of all editions using versions 6976 and below.
How have we fixed it?
We have added additional checks to the processing of inline images, which prevent the local file disclosure.
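As an illustration of the kind of check described above (added here as an example; this is not AssetExplorer's code, and the inline-image directory, file names and notification body are constructed assumptions): an inline image reference is accepted only if it resolves to an image file inside the application's own inline-image store, and any reference that could name an arbitrary server file is dropped rather than attached.

```python
import os
import re
from urllib.parse import unquote, urlparse

# Assumed directory holding uploaded inline images (example value, not AssetExplorer's).
INLINE_IMAGE_ROOT = os.path.realpath("/srv/assetexplorer/inlineimages")
ALLOWED_EXT = {".png", ".jpg", ".jpeg", ".gif"}
IMG_SRC_RE = re.compile(r"""<img\b[^>]*\bsrc\s*=\s*["']([^"']+)["']""", re.IGNORECASE)


def resolve_inline_image(src: str, root: str = INLINE_IMAGE_ROOT):
    """Map an <img src> in a notification body to a file the mailer may attach.

    Returns an absolute path inside `root`, or None when the reference must be
    dropped: any URL scheme (file:, http:, ...), absolute or drive-letter paths,
    backslashes, traversal out of `root`, and non-image extensions are refused.
    """
    parsed = urlparse(src.strip())
    if parsed.scheme or parsed.netloc:      # only bare relative names are allowed
        return None
    path = unquote(parsed.path)             # defeat %2e%2e%2f-style encoding first
    if not path or path.startswith("/") or "\\" in path or ":" in path:
        return None
    # realpath also follows symlinks, so a link planted inside root that points
    # elsewhere on disk is caught by the containment check below.
    candidate = os.path.realpath(os.path.join(root, path))
    if os.path.commonpath([root, candidate]) != root:
        return None
    if os.path.splitext(candidate)[1].lower() not in ALLOWED_EXT:
        return None
    return candidate


def select_inline_attachments(html: str, root: str = INLINE_IMAGE_ROOT) -> dict:
    """Return {src: path} for the <img> tags that may be attached; the rest are dropped."""
    kept = {}
    for src in IMG_SRC_RE.findall(html):
        path = resolve_inline_image(src, root)
        if path is not None:
            kept[src] = path
    return kept


if __name__ == "__main__":
    # Constructed notification body: one legitimate inline image, two crafted references.
    body = ('<p>Asset moved.</p><img src="screens/rack-42.png">'
            '<img src="file:///etc/passwd"><img src="../../etc/hosts">')
    print(select_inline_attachments(body))  # only screens/rack-42.png survives
```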
How to find out if you are affected
Click the Help link in the top-right corner of the AssetExplorer web client, and select About from the drop-down to see your current version. If your current version of AssetExplorer (all editions) is 6976 or below, your installation is vulnerable.
Please follow this forum post for any further updates regarding this vulnerability.
What customers should do
AssetExplorer customers who fit the above criteria can upgrade to the latest version (6977) using the appropriate migration path.
Important note: As always, make a copy of the entire AssetExplorer installation folder before applying the upgrade, and keep the copy in a separate location. If anything goes wrong during the upgrade, you will have this copy as a backup, which will keep all your settings intact. If you are using a Microsoft SQL Server as a backend database, back up the AssetExplorer database before upgrading. Once the upgrade is successfully completed, remember to delete the backup.
We offer our sincerest apologies for any inconvenience this may have caused. If you have any questions or concerns, please reach out to us at firstname.lastname@example.org.