Actions
Bug #19969
closed
Don't allow directory traversal through plugin URL
Status:
Released
Priority:
N/A
Assignee:
Category:
Plugins integration
Target version:
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
Description
Currently the plugin are downloaded to the temporary location:
/var/rudder/tmp/plugins/https://download.rudder.io/plugins/./7.0/consul/release/rudder-plugin-consul-7.0.0~beta1-2.0.rpkg
which allows directory traversal.
Updated by Alexis Mousset about 3 years ago
- Status changed from New to In progress
- Assignee set to Alexis Mousset
Updated by Alexis Mousset about 3 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Alexis Mousset to Félix DALLIDET
- Pull Request set to https://github.com/Normation/rudder/pull/3889
Updated by Alexis Mousset about 3 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|7748d289d32100a63b48d57d38e060818a0c91c5.
Updated by Vincent MEMBRÉ about 3 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 7.0.0~beta2 which was released today.
Actions