This advisory discloses a security vulnerability that has been found in ServicePulse and fixed in a recently released version.
- ServicePulse versions 1.24 or 1.24.1 should be upgraded to the latest version of ServicePulse to fix this vulnerability.
- Users using IIS to host ServicePulse are not affected
If there are any questions or concerns regarding this advisory, send an email to security@particular.net.
ServicePulse directory traversal vulnerability
A vulnerability has been fixed in the ServicePulse host application that allows attackers to access files using malicious URLs.
Impact
Attackers can use this vulnerability to read any file the ServicePulse host process has access to. The default user account for new ServicePulse installations is Local Service, which has access to the files on the host system.
Exploitability
The exploitation of this vulnerability requires the attacker to have access to the ServicePulse web application.
Affected versions
Versions 1.24 and 1.24.1 of ServicePulse are affected by this vulnerability.
Risk mitigation
If it is not possible to immediately upgrade ServicePulse to the latest version, the following approach can be used as a temporary workaround:
- Change the user account running the ServicePulse service to a user with file access restricted to files located in the ServicePulse installation folder only, by default
C:\.Program Files (x86)\ Particular Software\ ServicePulse
Fix
This vulnerability can be fixed by upgrading ServicePulse to the latest version. Upgrades should be performed as follows:
Download and run the latest version of the ServicePulse installer, following the online installation instructions
Contact info
If there are any questions or concerns regarding this advisory, contact security@particular.net.