Saturday, April 22, 2006

Asterisk Recording Interface Security Bypass and Information

Two vulnerabilities have been identified in ARI (Asterisk Recording Interface), which could be exploited by attackers to gain knowledge of sensitive information. The first issue is due to an error where the "includes/main.conf" file is accessible without authentication, which could be exploited by attackers to obtain sensitive information. The second flaw is due to an input validation error in the "misc/audio.php" file, which does not validate the "recording" parameter and could be exploited by attackers to gain access to arbitrary files (e.g. mp3, wav or gsm).
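One way to validate a "recording" value before a file is served, shown as an added example that is not ARI's own code: `resolve_recording()`, the recordings root and the demo files are hypothetical and constructed for illustration.

```php
<?php
// Added example, not ARI's code: names and paths below are hypothetical.
const ALLOWED_EXTENSIONS = ['mp3', 'wav', 'gsm'];

/**
 * Map a user-supplied "recording" value to a file inside $root.
 * Returns the canonical path, or null if the request must be refused.
 */
function resolve_recording(string $root, string $requested): ?string
{
    // Empty values and NUL bytes are never valid file names.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $rootReal = realpath($root);
    if ($rootReal === false) {
        return null;
    }
    // realpath() collapses "." and ".." and follows symlinks; it returns
    // false when the target does not exist.
    $candidate = realpath($rootReal . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // Containment: the canonical path must sit below the recordings root.
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Only audio formats are served, even from inside the root.
    $ext = strtolower(pathinfo($candidate, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXTENSIONS, true) ? $candidate : null;
}

// Constructed demo tree: one legitimate recording, one audio file outside
// the root, and one non-audio file inside it.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'ari_demo_' . getmypid();
mkdir($base . '/recordings/1001', 0700, true);
file_put_contents($base . '/recordings/1001/msg0001.wav', 'constructed');
file_put_contents($base . '/recordings/notes.txt', 'constructed');
file_put_contents($base . '/outside.wav', 'constructed');

$cases = ['1001/msg0001.wav', '../outside.wav', '1001/../../outside.wav', 'notes.txt'];
foreach ($cases as $value) {
    $path = resolve_recording($base . '/recordings', $value);
    printf("%-24s => %s\n", $value, $path === null ? 'refused' : 'served');
}
```

Only the first case is served; the extension allowlist alone would not stop the second and third, which is why the containment check comes first.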
