SailPoint Identity Security Cloud Connector File Path Traversal Vulnerability

SailPoint Delimited File Connector 安全漏洞

SailPoint身份安全云连接器文件路径遍历漏洞

A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the “file“ attribute, which in turn allowed the user to access files uploaded for other sources.

SailPoint Delimited File Connector是SailPoint公司的一种只读且规则驱动的连接器。 SailPoint Delimited File Connector存在安全漏洞，该漏洞源于存在文件路径遍历漏洞，允许经过身份验证的管理员设置任意连接器属性，从而允许用户访问其他源上传的文件。

在“分隔符文件连接器”云连接器中发现了一个文件路径遍历漏洞，允许已认证的管理员设置任意连接器属性，包括“文件”属性，进而使用户可以访问为其他来源上传的文件。