Product<\/strong>: FileCloud Drive
Affected Version<\/strong>: Unknown
Vulnerability Type<\/strong>: CWE 1395 - Dependency on Vulnerable Third-Party Component
Security Risk<\/strong>: CRITICAL (see CVE-2022-29247)
Vendor URL<\/strong>: https:\/\/www.filecloud.com\/<\/a>
Vendor acknowledged vulnerability<\/strong>: Yes
Vendor Status<\/strong>: Unknown
CVE number<\/strong>: Not eligible<\/p>\n
Affected Component<\/h3>\n
Dependency of FileCloud Drive<\/p>\n
Description<\/h3>\n
Outdated dependencies may introduce security vulnerabilities in software and should be checked regularly for new releases.
FileCloud Drive uses an outdated version of electron for which known vulnerabilities exist.
Also, the used release was release over a year ago which may indicate that a process for checking for new version of used dependencies does not exist.<\/p>\n
Proof of Concept<\/h3>\n
1) Download FileCloud Drive for Windows: https:\/\/www.filecloud.com\/additional-downloads\/<\/a> 4) Open \"fcedc.log\":<\/p>\n 5) At the top of the file the version number of electron is documented: 13.6.9 Update Electron to the current version<\/p>\n This security vulnerability was identified by Merten Nagel of usd AG.<\/p>\n [\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":" usd-2023-0027 | Outdated Electron used by FileCloud Drive Advisory ID: usd-2023-0027Product: FileCloud DriveAffected Version: UnknownVulnerability Type: CWE 1395 - Dependency on Vulnerable Third-Party ComponentSecurity Risk: CRITICAL (see CVE-2022-29247)Vendor URL: https:\/\/www.filecloud.com\/Vendor acknowledged vulnerability: YesVendor Status: UnknownCVE number: Not eligible Affected Component Dependency of FileCloud Drive Description Outdated dependencies may introduce security vulnerabilities in software and should […]<\/p>\n","protected":false},"author":114,"featured_media":0,"parent":16124,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"class_list":["post-22305","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/22305","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/users\/114"}],"replies":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/comments?post=22305"}],"version-history":[{"count":5,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/22305\/revisions"}],"predecessor-version":[{"id":22454,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/22305\/revisions\/22454"}],"up":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16124"}],"wp:attachment":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/media?parent=22305"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
2) Install it
3) Go to the following path:
Local Disk (C:) > Users > pentester > AppData > Roaming > FileCloud Drive > data<\/p>\n![\"\"](\"https:\/\/herolab.usd.de\/wp-content\/uploads\/sites\/9\/2024\/01\/log_file_location.png\")
<\/h1>\n![\"\"](\"https:\/\/herolab.usd.de\/wp-content\/uploads\/sites\/9\/2024\/01\/fcedc_log.png\")
<\/h1>\n
The current version of electron is: v25.3.1
See: https:\/\/releases.electronjs.org\/releases\/stable<\/a><\/p>\nFix<\/h3>\n
References<\/h3>\n
\n
Timeline<\/h3>\n
\n
Credits<\/h3>\n