Actions
Bug #19969
closed
Don't allow directory traversal through plugin URL
Status:
Released
Priority:
N/A
Assignee:
Category:
Plugins integration
Target version:
Effort required:
Priority:
0
Description
Currently the plugin are downloaded to the temporary location:
/var/rudder/tmp/plugins/https://download.rudder.io/plugins/./7.0/consul/release/rudder-plugin-consul-7.0.0~beta1-2.0.rpkg
which allows directory traversal.
Updated by Alexis MOUSSET 8 months ago
- Status changed from New to In progress
- Assignee set to Alexis MOUSSET
Updated by Alexis MOUSSET 8 months ago
- Status changed from In progress to Pending technical review
- Assignee changed from Alexis MOUSSET to Félix DALLIDET
- Pull Request set to https://github.com/Normation/rudder/pull/3889
Updated by Alexis MOUSSET 8 months ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|7748d289d32100a63b48d57d38e060818a0c91c5.
Updated by Vincent MEMBRÉ 7 months ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 7.0.0~beta2 which was released today.
Actions