We’ve had a vulnerability flagged up by our information security team with the published folders function. (Was flagged when I tried to download the 5.4 nightly build but apparently affects current versions)
Summary: Version 4.5.x and 5.x.x are vulnerable to an information disclosure through directory traversal when using PowerShell Universal published folders. Systems that do not have this feature configured, are not affected. If authenticated published folders are configured, the attacker will need to be authenticated.
Score: 5.4
Severity: Medium
Are there any plans to mitigate this in future versions?
In the meantime is there a way to disable the published folders function entirely to prevent any issues?
Thanks