Ticket #8725 (new defect)

Opened 2 years ago

Last modified 1 year ago

[Patch] Minor path traversal vulnerability

Reported by: tinus
Assigned to: Blackhex
Priority: normal
Component: DownloadsPlugin
Severity: normal
Keywords:
Cc: rjollos
Trac Release: 0.11

Description

If the 'file' field in the 'download' table can be manipulated, the DownloadsPlugin allows a user to download any file that can be accessed by the Trac user.

Attached is a patch that uses the basename function prior to concatenating the path to foil this attack.

Attachments

downloadsplugin.patch (0.7 kB) - added by tinus on 04/20/11 16:41:17.
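An added example, not the attached patch and not the plugin's own code, contrasting a plain path join on the stored 'file' value with the basename approach the description names. The storage root, the per-download directory layout and all function names are assumptions made for illustration.

```python
import posixpath

# Hypothetical storage root; the plugin's real configuration is not shown on the page.
DOWNLOADS_ROOT = "/var/trac/downloads"


def download_dir(root, download_id):
    """Directory assumed to hold the file of one download row."""
    return posixpath.normpath(posixpath.join(root, str(download_id)))


def is_inside(base, path):
    """True if path is base itself or lies below it (both absolute, normalized)."""
    return posixpath.commonpath([base, path]) == base


def resolve_naive(root, download_id, file_field):
    """'Before' behaviour: the stored 'file' value is joined unchanged."""
    return posixpath.normpath(
        posixpath.join(download_dir(root, download_id), file_field))


def resolve_basename(root, download_id, file_field):
    """Keep only the last path component of 'file' before joining."""
    # Treat backslashes as separators too, in case the value came from Windows.
    name = posixpath.basename(file_field.replace("\\", "/"))
    if name in ("", ".", ".."):
        raise ValueError("no usable file name in %r" % (file_field,))
    base = download_dir(root, download_id)
    path = posixpath.normpath(posixpath.join(base, name))
    # Second check: refuse anything that still resolves outside the directory.
    if not is_inside(base, path):
        raise ValueError("resolved path escapes %s" % base)
    return path


if __name__ == "__main__":
    # Constructed 'file' values, as they might appear in a tampered table row.
    for value in ["report.pdf", "../../../../etc/passwd", "/etc/passwd"]:
        naive = resolve_naive(DOWNLOADS_ROOT, 7, value)
        inside = is_inside(download_dir(DOWNLOADS_ROOT, 7), naive)
        print("%-26r naive=%-34s inside=%-5s basename=%s" % (
            value, naive, inside, resolve_basename(DOWNLOADS_ROOT, 7, value)))
```

Both a relative `../` sequence and an absolute path defeat the plain join, because an absolute second argument replaces everything before it.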

Change History

04/20/11 16:41:17 changed by tinus

  • attachment downloadsplugin.patch added.

04/21/11 07:42:02 changed by rjollos

  • summary changed from minor path traversal vulnerability to [Patch] Minor path traversal vulnerability.

01/03/12 13:43:28 changed by rjollos

  • cc set to rjollos.
