Branch: refs/heads/2.1.0
Home: https://github.com/Checkmk/checkmk
Commit: ed7a89f8be9aba60d8b180639d888f8778340ad1
https://github.com/Checkmk/checkmk/commit/ed7a89f8be9aba60d8b180639d888f877…
Author: Hannes Rantzsch <hannes.rantzsch(a)checkmk.com>
Date: 2024-05-28 (Tue, 28 May 2024)
Changed paths:
A .werks/15200
M active_checks/check_sftp
M cmk/gui/plugins/wato/active_checks.py
Log Message:
-----------
15200 SEC Restrict check_sftp local paths
check_sftp now only allows uploading files from and downloading files to
a dedicated directory in SITE_HOME/var. While the names and general
meaning of the command line arguments remain unchanged, paths are now
always interpreted relative to that dedicated directory.
Attempting to escape from this directory (path traversal) will cause the
check to abort and fail.
Change-Id: Iaa369dfbfdad9140fb8367514fd68a578b40c5e8
To unsubscribe from these emails, change your notification settings at https://github.com/Checkmk/checkmk/settings/notifications
Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: 0608b85b178a720bd99f028de3590b0c65e4c1da
https://github.com/Checkmk/checkmk/commit/0608b85b178a720bd99f028de3590b0c6…
Author: Hannes Rantzsch <hannes.rantzsch(a)checkmk.com>
Date: 2024-05-28 (Tue, 28 May 2024)
Changed paths:
A .werks/15200.md
M cmk/active_checks/check_sftp.py
M cmk/gui/plugins/wato/active_checks/sftp.py
M tests/unit/cmk/active_checks/test_check_sftp.py
Log Message:
-----------
15200 SEC Restrict check_sftp local paths
check_sftp now only allows uploading files from and downloading files to
a dedicated directory in SITE_HOME/var. While the names and general
meaning of the command line arguments remain unchanged, paths are now
always interpreted relative to that dedicated directory.
Attempting to escape from this directory (path traversal) will cause the
check to abort and fail.
Change-Id: Iaa369dfbfdad9140fb8367514fd68a578b40c5e8
To unsubscribe from these emails, change your notification settings at https://github.com/Checkmk/checkmk/settings/notifications
Branch: refs/heads/2.2.0
Home: https://github.com/Checkmk/checkmk
Commit: 84dd7511986e29bec46a31347eb11f0fc9a78909
https://github.com/Checkmk/checkmk/commit/84dd7511986e29bec46a31347eb11f0fc…
Author: Hannes Rantzsch <hannes.rantzsch(a)checkmk.com>
Date: 2024-05-28 (Tue, 28 May 2024)
Changed paths:
A .werks/15200
M active_checks/check_sftp
M cmk/gui/plugins/wato/active_checks/sftp.py
Log Message:
-----------
15200 SEC Restrict check_sftp local paths
check_sftp now only allows uploading files from and downloading files to
a dedicated directory in SITE_HOME/var. While the names and general
meaning of the command line arguments remain unchanged, paths are now
always interpreted relative to that dedicated directory.
Attempting to escape from this directory (path traversal) will cause the
check to abort and fail.
Change-Id: Iaa369dfbfdad9140fb8367514fd68a578b40c5e8
To unsubscribe from these emails, change your notification settings at https://github.com/Checkmk/checkmk/settings/notifications