The host.distRepoMove hub call does not perform the correct access checks. This bug allows an attacker to manipulate the filesystem, potentially destroying data or exposing secrets.
This issue has been assigned CVE-2018-1002150
You can read the full announcement here:
Commit ab1ade7 fixes this issue
Metadata Update from @mikem:
- Issue private status set to: False (was: True)
Metadata Update from @tkopecek:
- Issue set to the milestone: 1.16
to comment on this ticket.
Copyright © 2014-2018 Red Hat
4.0.4 — Documentation