Branch: refs/heads/1.5.0
Home: https://github.com/tribe29/checkmk
Commit: 111fbb5ed552e616cf98403a6862932762a2a576
https://github.com/tribe29/checkmk/commit/111fbb5ed552e616cf98403a686293276…
Author: Tom Baerwinkel <tom.baerwinkel(a)tribe29.com>
Date: 2019-11-25 (Mon, 25 Nov 2019)
Changed paths:
A .werks/10462
M web/htdocs/backup.py
Log Message:
-----------
10462 SEC WATO backups: Fix file path traversal vulnerability
The backup target directory was not validated correctly, which made it possible
for an attacker that has access to WATO backups to compromise the site.
Using this vulnerability it was possible to write backup files to directories
that are writable by the site user.
FEED-4352
Change-Id: I71494e247859c4ef229a003a1b7c2716acca1546