Opened 6 years ago

Closed 6 days ago

Last modified 6 days ago

#8725 closed defect (fixed)

[Patch] Minor path traversal vulnerability

Reported by: tinus
Owned by: tinus
Priority: normal
Component: DownloadsPlugin
Severity: normal
Keywords:
Cc: rjollos
Trac Release: 0.11

Description

If the 'file' field in the 'download' table can be manipulated, the DownloadsPlugin allows a user to download any file that can be accessed by the Trac user.

Attached is a patch that uses the basename function prior to concatenating the path to foil this attack.

Attachments (1)

downloadsplugin.patch (755 bytes) - added by tinus 6 years ago.
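
The approach the description names (basename before concatenating the path), shown as an added example; it is not the plugin's code or the attached patch. The `base_dir/<id>/<file>` layout, the function names, the backslash handling and the extra containment check are assumptions made for illustration.

```python
import os
import tempfile


def unsafe_path(base_dir, download_id, file_field):
    """'Before' behaviour: the stored 'file' value is joined as-is."""
    return os.path.normpath(
        os.path.join(base_dir, str(download_id), file_field))


def safe_path(base_dir, download_id, file_field):
    """Keep only the final path component of the stored value."""
    # Treat backslashes as separators too, so Windows-style values
    # are reduced the same way on POSIX hosts (assumption).
    name = os.path.basename(file_field.replace("\\", "/"))
    if name in ("", ".", ".."):
        raise ValueError("no usable file name in %r" % (file_field,))
    root = os.path.realpath(os.path.join(base_dir, str(download_id)))
    path = os.path.realpath(os.path.join(root, name))
    # Second line of defence: the resolved path must stay under root
    # (covers symlinks, which basename alone does not).
    if os.path.commonpath([root, path]) != root:
        raise ValueError("path escapes the download directory")
    return path


# Constructed sample values for the 'file' column.
SAMPLES = ["report.pdf", "../../../etc/passwd", "/etc/passwd",
           "..", "sub/dir/x.txt"]


def demo():
    """Return base dir and {value: (unsafe stays inside?, safe path)}."""
    base = os.path.realpath(tempfile.mkdtemp())
    results = {}
    for value in SAMPLES:
        inside = unsafe_path(base, 7, value).startswith(base + os.sep)
        try:
            safe = safe_path(base, 7, value)
        except ValueError:
            safe = None  # rejected outright
        results[value] = (inside, safe)
    return base, results


if __name__ == "__main__":
    for value, outcome in demo()[1].items():
        print(repr(value), outcome)
```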

Change History (7)

Changed 6 years ago by tinus

comment:1 Changed 6 years ago by rjollos

  • Summary changed from minor path travelsal vulnerability to [Patch] Minor path travelsal vulnerability

comment:2 Changed 5 years ago by rjollos

  • Cc rjollos added; anonymous removed

comment:3 Changed 3 years ago by rjollos

  • Owner changed from Blackhex to rjollos
  • Status changed from new to assigned

comment:4 Changed 6 days ago by rjollos

  • Status changed from assigned to accepted
  • Summary changed from [Patch] Minor path travelsal vulnerability to [Patch] Minor path traversal vulnerability

comment:5 Changed 6 days ago by rjollos

  • Resolution set to fixed
  • Status changed from accepted to closed

In 16018:

1.0.0dev: Fix path traversal vulnerability

Patch by tinus.

Fixes #8725.

comment:6 Changed 6 days ago by rjollos

  • Owner changed from rjollos to tinus
