It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud runs in a Windows environment, Cloud users aren't affected.
This issue affects versions 16 and 17 of Umbraco Forms and is patched in 16.4.1 and 17.1.1
If upgrading is not immediately possible, users can mitigate this vulnerability by:
../, ..\) in the fileName parameter of the export endpoint/umbraco/forms/api/v1/export endpoint entirely if the export feature is not requiredHowever, upgrading to the patched version is strongly recommended.
Credit to Kevin Joensen from Baldur Security for finding this vulnerability
16.4.117.1.1Exploitability
AV:NAC:LAT:PPR:LUI:NVulnerable System
VC:HVI:NVA:NSubsequent System
SC:NSI:NSA:N6.0/CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N