CVE-2022-29590 - PowerShell Universal Published Folder Escape

adam · April 21, 2022, 6:44pm

This is a companion discussion topic for the original entry at https://blog.ironmansoftware.com/CVE-2022-published-folder-escape/

DataTraveler · April 23, 2022, 2:53pm

Kudos to the customer who reported this and @adam for lightning speed response

tom.obrien · April 25, 2022, 8:27am

Hi @adam,
Does this also affect published folders on v2.9 of Universal Dashboard?

Thanks

edit:

Sorry I’ve just seen how to test it, yes it does affect UD2.9. Am I right in assuming that it is out of support now and UD2.9 won’t be patched?

PorreKaj · April 25, 2022, 9:15am

As mentioned in the article

The following version numbers contain the fix for this issue.

1.5.22
2.9.4
2.10.2
3.0.0-beta4

tom.obrien · April 25, 2022, 10:04am

Sorry, I meant Universal Dashboard v2.9 running standalone (pre-PSU), rather than PowerShell Universal. It looks like the download for 2.9.4 is a download for PSU.

adam · April 25, 2022, 2:05pm

This does not affect UD 2.9

Topic		Replies	Views
Updates to avoid CVE-2021-26701	2	377	July 7, 2021
Powershell Universal - Published Folders PowerShell Universal	6	573	October 9, 2020
PowerShell Universal v1.1.1 PowerShell Universal	11	1356	June 2, 2020
2.9.4 - Changelog not opening Universal Dashboard	1	267	May 13, 2022
Migrating from Universal Dashboard v2.9 Announcements	35	1904	September 17, 2020

CVE-2022-29590 - PowerShell Universal Published Folder Escape

Related Topics