Branch: refs/heads/2.1.0
Home:
https://github.com/tribe29/checkmk
Commit: 55ab4d74652f811b3a9407446d93eeb51f0724a3
https://github.com/tribe29/checkmk/commit/55ab4d74652f811b3a9407446d93eeb51…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2023-01-09 (Mon, 09 Jan 2023)
Changed paths:
A .werks/15065
M cmk/utils/packaging.py
Log Message:
-----------
15065 SEC Path-Traversal in MKP storing
Previous to this Werk it was possible for an authenticated user with admin rights to upload
a malicious MKP, leading to a file creation with an attacker-controlled path.
We thank Niko Wenselowsk (SVA) for reporting this issue.
<b>Affected versions are:</b>
LI: 2.0.0 previous to this Werk
LI: 2.1.0 previous to this Werk
LI: 1.6.0 is not affected
<b>Detection possibilities:</b>
An audit log entry is written when an extension package is uploaded.
You can look for an entry with <tt>Uploaded extension package</tt> followed by a
package name and version containing sequences of <tt>../</tt>.
<b>Vulnerability Management:</b>
We have rated the issue with a CVSS Score of 3.5 (low) with the following CVSS vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L.
We assigned CVE-2022-4884 to this vulnerability.
FEED-7598
Change-Id: I80f9e0047546a609e4d12aba30b353e201cfab1d
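The detection hint in the Werk (look for "Uploaded extension package" audit entries whose package name or version contains "../") and the fix's intent (refuse attacker-controlled paths when storing an MKP) can both be illustrated in one small script. This is an added example, not Checkmk's own code and not the content of the `cmk/utils/packaging.py` change: the audit log line format, the `PACKAGE_DIR` base directory, and the function names `scan_audit_log`, `has_traversal`, `is_safe_component` and `package_path` are all assumptions made for the illustration, and the sample log lines are constructed.

```python
"""Spot path-traversal attempts in MKP upload audit entries and reject them at storage time.

Added example, not Checkmk code. The audit log format used here is an
assumption for illustration only; consult the real audit log for its format.
"""
import posixpath
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample audit log lines (assumed format: "<date> <time> <user> <message>").
AUDIT_LINES = [
    "2023-01-09 09:12:44 cmkadmin Uploaded extension package acme_checks 1.2.0",
    "2023-01-09 09:15:02 cmkadmin Uploaded extension package ../../../../tmp/evil 1.0",
    "2023-01-09 09:16:30 cmkadmin Uploaded extension package legit 0.1/../../x",
    "2023-01-09 09:20:11 cmkadmin Activated changes",
]

# The message fragment the Werk tells you to look for, followed by name and version.
UPLOAD_RE = re.compile(r"Uploaded extension package (?P<name>\S+) (?P<version>\S+)")

# A '..' path segment bounded by a separator (or string start/end). Matches "../x",
# "x/../y" and "x\..\y" but not a harmless "a..b" inside a name.
TRAVERSAL_RE = re.compile(r"(?:^|[/\\])\.\.(?:[/\\]|$)")


@dataclass
class Finding:
    line_no: int
    name: str
    version: str


def has_traversal(value: str) -> bool:
    """True if the value contains a '..' path segment, i.e. the sequence the Werk describes."""
    return TRAVERSAL_RE.search(value) is not None


def scan_audit_log(lines: Iterable[str]) -> List[Finding]:
    """Detection side: return every upload entry whose name or version carries a traversal segment."""
    findings: List[Finding] = []
    for line_no, line in enumerate(lines, start=1):
        match = UPLOAD_RE.search(line)
        if match is None:
            continue
        if has_traversal(match["name"]) or has_traversal(match["version"]):
            findings.append(Finding(line_no, match["name"], match["version"]))
    return findings


# Mitigation side (assumed policy, not Checkmk's rule): a name or version must be a single
# plain path component: starts alphanumeric, then only [A-Za-z0-9_.+-], and never "." or "..".
SAFE_COMPONENT_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.+-]*")

PACKAGE_DIR = "/var/lib/example/packages"  # assumed placeholder, not a real Checkmk path


def is_safe_component(value: str) -> bool:
    return value not in (".", "..") and SAFE_COMPONENT_RE.fullmatch(value) is not None


def package_path(name: str, version: str, base: str = PACKAGE_DIR) -> Optional[str]:
    """Return the storage path for an uploaded package, or None if the inputs are rejected.

    Two layers: an allow-list on each component, then a check that the normalized result
    still lies under the base directory (defence in depth in case the allow-list is relaxed).
    """
    if not (is_safe_component(name) and is_safe_component(version)):
        return None
    candidate = posixpath.normpath(posixpath.join(base, f"{name}-{version}.mkp"))
    if not candidate.startswith(base.rstrip("/") + "/"):
        return None
    return candidate


if __name__ == "__main__":
    for finding in scan_audit_log(AUDIT_LINES):
        print(f"line {finding.line_no}: suspicious upload name={finding.name!r} version={finding.version!r}")
    print(package_path("acme_checks", "1.2.0"))
    print(package_path("../../../../tmp/evil", "1.0"))
```

Running the script lists the two constructed traversal entries and shows that the hardened `package_path` accepts the plain name and rejects the traversal one. Against a real installation, replace `AUDIT_LINES` with the actual audit log content and adjust `UPLOAD_RE` to the real line format.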