Insecure Sudo Rule Allows Apache User to Read Arbitrary Files in Kaseya Unitrends Backup Appliance

Insecure Sudo Rule Allows Apache User to Read Arbitrary Files in Kaseya Unitrends Backup Appliance

CVE-2021-43043 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule.

Learn more about our Cis Benchmark Audit For Apache Http Server.