Werk #10462: WATO backups: Fix file path traversal vulnerability
Komponente | Setup |
Titel | WATO backups: Fix file path traversal vulnerability |
Datum | 22.11.2019 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk-Version | 1.5.0p24 1.6.0p7 2.0.0i1 |
Level | Kleine Änderung |
Klasse | Sicherheitsfix |
Kompatibilität | Kompatibel - benötigt kein manuelles Eingreifen |
The backup target directory was not validated correctly which made it possible for an attacker that has access to WATO backups to compromise the site.
Using this vulnerability it was possible to write backup files to directories that are writable by the site user.
Thanks to Robin ypid
Schneider.