An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Unitrends_backup |
Kaseya |
10.0 (including) |
10.5.5 (excluding) |
References