Issue #850: fix access check in host.distRepoMove - koji

koji

#850 fix access check in host.distRepoMove

Closed: Fixed 6 years ago Opened 6 years ago by mikem.

The host.distRepoMove hub call does not perform the correct access checks. This bug allows an attacker to manipulate the filesystem, potentially destroying data or exposing secrets.

This issue has been assigned CVE-2018-1002150

You can read the full announcement here:
https://docs.pagure.org/koji/CVE-2018-1002150/

mikem commented 6 years ago

Commit ab1ade7 fixes this issue

Metadata Update from @mikem:
- Issue private status set to: False (was: True)

6 years ago

Metadata Update from @tkopecek:
- Issue set to the milestone: 1.16

5 years ago

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

Normal

Milestone

1.16

Size

None

koji

Source Code

Documentation

#850 fix access check in host.distRepoMove Closed: Fixed 6 years ago Opened 6 years ago by mikem.

Metadata

#850 fix access check in host.distRepoMove

Closed: Fixed 6 years ago Opened 6 years ago by mikem.