#850 fix access check in host.distRepoMove
Closed: Fixed 6 months ago by mikem. Opened 7 months ago by mikem.

The host.distRepoMove hub call does not perform the correct access checks. This bug allows an attacker to manipulate the filesystem, potentially destroying data or exposing secrets.

This issue has been assigned CVE-2018-1002150

You can read the full announcement here:
https://docs.pagure.org/koji/CVE-2018-1002150/


Metadata Update from @mikem:
- Issue private status set to: False (was: True)

6 months ago

Metadata Update from @tkopecek:
- Issue set to the milestone: 1.16

5 months ago

Login to comment on this ticket.

Metadata