[checkmk-commits] [tribe29/checkmk] ff3a14: 10462 SEC WATO backups: Fix file path traversal vu...

25 Nov 2019

  Branch: refs/heads/1.6.0
  Home:   https://github.com/tribe29/checkmk
  Commit: ff3a14d583a5fe3f923f385d029b6ecdc802fd23
      https://github.com/tribe29/checkmk/commit/ff3a14d583a5fe3f923f385d029b6ecdc…
  Author: Tom Baerwinkel &lt;tom.baerwinkel(a)tribe29.com&gt;
  Date:   2019-11-25 (Mon, 25 Nov 2019)

  Changed paths:
    A .werks/10462
    M cmk/gui/backup.py
    A tests/unit/cmk/gui/test_backup.py

  Log Message:
  -----------
  10462 SEC WATO backups: Fix file path traversal vulnerability

The backup target directory was not validated correctly which made it possible
for an attacker that has access to WATO backups to compromise the site.

Using this vulnerability it was possible to write backup files to directories
that are writable by the site user.

FEED-4352

Change-Id: I71494e247859c4ef229a003a1b7c2716acca1546

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

[checkmk-commits] [tribe29/checkmk] ff3a14: 10462 SEC WATO backups: Fix file path traversal vu...