CVE-2023-38702 Information

Description

Knowage is an open source analytics and business intelligence suite. Starting in the 6.x.x branch and prior to version 8.1.8 the endpoint /knowage/restful-services/dossier/importTemplateFile allows authenticated users to upload template file on the server but does not need any authorization to be reached. When the JSP file is uploaded the attacker just needs to connect to /knowageqbeengine/foo.jsp to gain code execution on the server. By exploiting this vulnerability an attacker with low privileges can upload a JSP file to the knowageqbeengine directory and gain code execution capability on the server. This issue has been patched in Knowage version 8.1.8.

Reference

https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-7mjh-73q3-c3fc