Modify

Opened 13 years ago

Closed 7 years ago

Last modified 7 years ago

#8725 closed defect (fixed)

[Patch] Minor path traversal vulnerability

Reported by: tinus Owned by: tinus
Priority: normal Component: DownloadsPlugin
Severity: normal Keywords:
Cc: Ryan J Ollos Trac Release: 0.11

Description

If the 'file' field in the 'download' table can be manipulated, the DownloadsPlugin allows a user to download any file that can be accessed by the Trac user.

Attached is a patch that uses the basename function prior to concatenating the path to foil this attack.

Attachments (1)

downloadsplugin.patch (755 bytes) - added by tinus 13 years ago.

Download all attachments as: .zip

Change History (7)

Changed 13 years ago by tinus

Attachment: downloadsplugin.patch added

comment:1 Changed 13 years ago by Ryan J Ollos

Summary: minor path travelsal vulnerability[Patch] Minor path travelsal vulnerability

comment:2 Changed 12 years ago by Ryan J Ollos

Cc: Ryan J Ollos added; anonymous removed

comment:3 Changed 10 years ago by Ryan J Ollos

Owner: changed from Radek Bartoň to Ryan J Ollos
Status: newassigned

comment:4 Changed 7 years ago by Ryan J Ollos

Status: assignedaccepted
Summary: [Patch] Minor path travelsal vulnerability[Patch] Minor path traversal vulnerability

comment:5 Changed 7 years ago by Ryan J Ollos

Resolution: fixed
Status: acceptedclosed

In 16018:

1.0.0dev: Fix path traversal vulnerability

Patch by tinus.

Fixes #8725.

comment:6 Changed 7 years ago by Ryan J Ollos

Owner: changed from Ryan J Ollos to tinus

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain tinus.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.