ID: 6787
Title: Notification spooler: Fixed file path traversal vulnerability
Component: Notifications
Level: 2
Class: Security fix
Version: 1.6.0i1
The notification daemon of one site connects to the notification daemon of another site
to exchange notifications between both sites.
The notification daemon was not validating the incoming data correctly which made it
possible
for an attacker that has access to the notification sending site to compromise the
receiving
site.
Using this vulnerability it was possible to write write files in directories that are
writable
by the receiving site user. This could be used to gain access to the site.