Security Advisory
Path Traversal in GoAnywhere MFT 7.4.1 and Earlier
Thu, 03/14/2024
A path traversal vulnerability exists in GoAnywhere MFT prior to 7.4.2 which allows attackers to circumvent endpoint-specific permission checks in the GoAnywhere Admin and Web Clients.
Using a crafted URL, an unauthorized user may access pages within GoAnywhere. This may lead to information disclosure. In non-default configurations it may also allow web user self-registration in some...