Bug #14974
Arbitrary command execution in rudder relay API due to missing parameter sanitization
Status:
closed
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
Reviewed
Fix check:
Checked
Regression:
Description
There is no validation of the "classes" parameter, which allows passing arbitrary arguments to the executed command, allowing access to a local root account through CFEngine (the -f parameter and a local policy in /tmp, for example).
It requires:
- having local access to the root server to get root access locally, or
- using the root IP to get root access to relays
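The report above is about an unchecked "classes" value reaching the cf-agent command line. The following is an added illustration of the defensive check, not Rudder's own relay API code: the command name, the -K/-D options and the comma-separated parameter format are assumptions for the example, and the class-name character set is an assumption to verify against your CFEngine version.

```python
import re
import subprocess
from typing import List

# Assumption: a CFEngine class name is made of letters, digits and underscores only.
# Anything else (an option such as "-f", a path, shell metacharacters) is rejected.
CLASS_NAME_RE = re.compile(r"^[A-Za-z0-9_]+$")


def validate_classes(raw: str) -> List[str]:
    """Split a comma-separated "classes" parameter and accept only valid class names.

    Raises ValueError on any element that is not a plain class name, so a value
    that tries to smuggle extra agent options never reaches the command line.
    """
    names = [c.strip() for c in raw.split(",") if c.strip()]
    bad = [c for c in names if not CLASS_NAME_RE.match(c)]
    if bad:
        raise ValueError("invalid class names rejected: %r" % bad)
    return names


def is_valid_classes(raw: str) -> bool:
    """Boolean form of validate_classes, convenient for request handlers."""
    try:
        validate_classes(raw)
        return True
    except ValueError:
        return False


def build_remote_run_argv(raw_classes: str) -> List[str]:
    """Build the agent command as an argv list (assumed command and options).

    The validated class list is passed as a single argv element after -D; no
    shell is involved, so there is no second place for injection to occur.
    """
    argv = ["cf-agent", "-K"]
    names = validate_classes(raw_classes)
    if names:
        argv += ["-D", ",".join(names)]
    return argv


def run_remote(raw_classes: str) -> int:
    """Validate, then execute without a shell; returns the agent's exit status."""
    return subprocess.call(build_remote_run_argv(raw_classes), shell=False)


if __name__ == "__main__":
    # Constructed inputs: one legitimate request, one carrying an option instead of a class.
    print(build_remote_run_argv("web_server,debian_10"))
    print(is_valid_classes("-f /tmp/policy.cf"))
```

Rejected requests should also be logged with the offending value, since such a parameter is a direct indicator of someone probing the relay API.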
Updated by Alexis Mousset over 5 years ago
- Status changed from New to In progress
- Assignee set to Alexis Mousset
Updated by Alexis Mousset over 5 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Alexis Mousset to Benoît PECCATTE
- Pull Request set to https://github.com/Normation/rudder-packages/pull/1944
Updated by Rudder Quality Assistant over 5 years ago
- Assignee changed from Benoît PECCATTE to Alexis Mousset
Updated by Alexis Mousset over 5 years ago
- Assignee changed from Alexis Mousset to Benoît PECCATTE
Updated by Alexis Mousset over 5 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder-packages|457ccf1c23a9b9d9dfe534121912fe2c65a0255f.
Updated by Alexis Mousset over 5 years ago
- Subject changed from Remove code execution in rudder relay API to Remote code execution in rudder relay API due to missing parameter sanitization
Updated by Alexis Mousset over 5 years ago
- Subject changed from Remote code execution in rudder relay API due to missing parameter sanitization to Code execution in rudder relay API due to missing parameter sanitization
Updated by Alexis Mousset over 5 years ago
- Subject changed from Code execution in rudder relay API due to missing parameter sanitization to Arbitrary command execution in rudder relay API due to missing parameter sanitization
Updated by Vincent MEMBRÉ over 5 years ago
- Fix check changed from To do to Error - Fixed
Updated by Vincent MEMBRÉ over 5 years ago
- Fix check changed from Error - Fixed to To do
Updated by Alexis Mousset over 5 years ago
- Name check changed from To do to Reviewed
Updated by Benoît PECCATTE over 5 years ago
- Fix check changed from To do to Checked
Updated by Vincent MEMBRÉ over 5 years ago
This bug has been fixed in Rudder 4.1.24 and 5.0.12 which were released today.
Updated by Vincent MEMBRÉ about 4 years ago
- Status changed from Pending release to Released