CVE-2025-60786

Affected component: "import a Project", as shipped in products such as iceScrum.

A high-severity vulnerability has been identified in the "import a Project" component, affecting multiple products including iceScrum v7.

Executive summary

The flaw, a Zip Slip path traversal in the "import a Project" component of iceScrum v7 and other affected products, allows a remote attacker to upload a malicious archive whose entries are written to arbitrary locations on the server. Successful exploitation could lead to remote code execution and a complete compromise of the affected system.

Vulnerability

This vulnerability is a path traversal flaw, commonly referred to as "Zip Slip." An attacker can exploit it by crafting a malicious zip archive containing entries whose names include path traversal sequences (e.g., ../../../../etc/passwd). When the vulnerable "import a Project" component processes this archive, it does not validate the entry paths against the destination directory before extraction. The attacker-controlled file is therefore written outside the intended destination directory, enabling the attacker to overwrite critical system or configuration files, or to drop a web shell and achieve remote code execution on the server.
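The check that the vulnerable component lacks, shown as an added Python example (not iceScrum's own code, which runs on the JVM): every entry name is resolved against the destination directory before anything is extracted, and an archive containing an entry that would land outside that directory is rejected as a whole. The two sample archives are constructed in memory and are not real iceScrum export files.

```python
import io
import os
import zipfile
from pathlib import Path, PurePosixPath


def is_entry_safe(dest_dir: str, entry_name: str) -> bool:
    """Return True only if the entry resolves to a path inside dest_dir.

    Handles '..' components, absolute names and Windows-style separators,
    which is the validation the vulnerable importer does not perform.
    """
    dest = Path(dest_dir).resolve()
    normalised = entry_name.replace("\\", "/")  # '..\\' must not slip past on POSIX
    if PurePosixPath(normalised).is_absolute():
        return False  # joining an absolute name would discard dest_dir entirely
    target = (dest / normalised).resolve()
    return target == dest or dest in target.parents


def unsafe_entries(zip_bytes: bytes, dest_dir: str) -> list[str]:
    """List entry names that would escape dest_dir on extraction (empty if clean)."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if not is_entry_safe(dest_dir, n)]


def safe_extract(zip_bytes: bytes, dest_dir: str) -> list[str]:
    """Extract only if every entry stays inside dest_dir; otherwise raise.

    Rejecting the whole archive (instead of silently skipping bad entries)
    keeps a partial import from being treated as a success and gives the
    application a concrete event to log and alert on.
    """
    bad = unsafe_entries(zip_bytes, dest_dir)
    if bad:
        raise ValueError(f"archive rejected, path traversal entries: {bad}")
    os.makedirs(dest_dir, exist_ok=True)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        zf.extractall(dest_dir)
        return zf.namelist()


def build_archive(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory zip; used only to construct the sample input below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample archives: one clean export, one carrying a traversal entry.
BENIGN_ZIP = build_archive({"project/export.xml": b"<project/>"})
TRAVERSAL_ZIP = build_archive({"project/export.xml": b"<project/>",
                               "../../escaped.txt": b"outside"})
```

The same pre-extraction check can run on the upload handler before the archive reaches the importer, which is where the "file extraction" warnings listed under Proactive Monitoring would originate.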

Business impact

This is a high-severity vulnerability with a CVSS score of 8.8, posing a significant risk to the organization. Successful exploitation could grant an attacker full control over the affected server, leading to severe consequences. These include the theft of sensitive project data, customer information, and intellectual property; disruption of business operations through system downtime or data corruption; and reputational damage. A compromised server could also be used as a pivot point to launch further attacks against the internal network, escalating the security incident.

Remediation

Immediate Action: The primary remediation is to apply the security updates provided by the vendor to all affected systems immediately. After patching, it is crucial to monitor for any signs of post-exploitation activity by reviewing access logs for unusual file upload events or access to suspicious files.

Proactive Monitoring: Implement enhanced logging and monitoring for the application server. Security teams should look for:

  • Logs: Any errors or warnings related to file extraction from the "import a Project" component.
  • File System: Use File Integrity Monitoring (FIM) to detect the creation of unexpected files (e.g., .jsp, .php, .sh) in web-accessible directories or system-critical locations.
  • Network Traffic: Monitor for anomalous outbound connections from the application server, which could indicate a reverse shell or data exfiltration.

Compensating Controls: If immediate patching is not feasible, implement the following controls to mitigate risk:

  • Disable the "import a Project" functionality until patches can be applied.
  • If disabling is not possible, restrict access to the feature to a minimal number of trusted administrative users.
  • Deploy a Web Application Firewall (WAF) with rules specifically designed to inspect file uploads and block requests containing path traversal payloads (../).
  • Ensure the application is running with the lowest possible user privileges to limit the impact of a potential file write.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high severity (CVSS 8.8) of this vulnerability and its potential to allow for remote code execution, it is strongly recommended that organizations prioritize the immediate application of the vendor-supplied security patches to all affected systems. While this vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its high severity and the ease of exploitation represent a significant and immediate risk. If patching is delayed, the compensating controls outlined above must be implemented as a temporary measure to reduce the attack surface.