Project

General

Profile

Actions

Bug #14974

closed

Arbitrary command execution in rudder relay API due to missing parameter sanitization

Added by Alexis Mousset over 5 years ago. Updated over 1 year ago.

Status:
Released
Priority:
N/A
Category:
Security
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
Reviewed
Fix check:
Checked
Regression:

Description

There is no validation of the "classes" parameters which allows passing arbitrary arguments to the executed command, allowing access to a local root account through CFEngine (-f parameter and local policy in /tmp for example).

It requires:

  • having a local access to the root server to get root access locally, or
  • using the root IP to get root access to relays

Subtasks 2 (0 open2 closed)

Bug #14976: Remove code execution in rudder relay API - 5.1 version ReleasedAlexis MoussetActions
Bug #14977: Parent ticket breaks empty classes case RejectedActions
Actions

Also available in: Atom PDF