Bug List: (11 of 13) First Last Prev Next   Show last search results
Bug 1143652 - AUDIT-FIND: obs-service-set_version: path traversal
Summary: AUDIT-FIND: obs-service-set_version: path traversal
Status: NEW
Alias: None
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P5 - None : Minor
Target Milestone: ---
Assignee: Adrian Schröter
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/238483/
Whiteboard:
Keywords:
Depends on:
Blocks: 1119444
  Show dependency treegraph
 
Reported: 2019-07-31 14:10 UTC by Malte Kraus
Modified: 2024-05-17 11:53 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Malte Kraus 2019-07-31 14:10:24 UTC 
> takes an potentially absolute path to what files should be modified. Only files in the build root should be allowed.
Comment 1 Johannes Segitz 2020-12-02 09:04:42 UTC 
That's true, but the attack primitive is very limited. Opened https://github.com/openSUSE/obs-service-set_version/issues/66 to increase visibility.
Bug List: (11 of 13) First Last Prev Next   Show last search results