Opened 6 years ago

Closed 5 months ago

Last modified 5 months ago

#8725 closed defect (fixed)

[Patch] Minor path traversal vulnerability

Reported by: tinus
Owned by: tinus
Priority: normal
Component: DownloadsPlugin
Severity: normal
Keywords:
Cc: Ryan J Ollos
Trac Release: 0.11

Description

If the 'file' field in the 'download' table can be manipulated, the DownloadsPlugin allows a user to download any file that can be accessed by the Trac user.

Attached is a patch that uses the basename function prior to concatenating the path to foil this attack.

Attachments (1)

downloadsplugin.patch (755 bytes) - added by tinus 6 years ago.
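
The fix the description outlines, as an added example that is not the attached patch or the DownloadsPlugin source: a stored 'file' value joined to the storage directory unchanged, next to the same join with basename applied first. The directory layout, function names and sample values are assumptions, and rejecting empty and dot names goes beyond what the ticket states.

```python
import posixpath  # POSIX path rules, so results are identical on any host

# Hypothetical storage root; the ticket does not give the plugin's real layout.
DOWNLOADS_DIR = "/srv/trac/downloads"


def unsafe_path(download_id, file_field):
    """Behaviour the ticket describes: the database value is joined as-is."""
    joined = posixpath.join(DOWNLOADS_DIR, str(download_id), file_field)
    # normpath shows where the operating system would actually end up.
    return posixpath.normpath(joined)


def safe_path(download_id, file_field):
    """basename() before concatenation, as the ticket's description states."""
    name = posixpath.basename(file_field)
    # basename() returns "" for "dir/" and passes "." and ".." through,
    # so those results are rejected (an addition beyond the ticket).
    if name in ("", ".", ".."):
        raise ValueError("invalid file name in download record")
    return posixpath.join(DOWNLOADS_DIR, str(download_id), name)


def inside_root(path):
    """True when a normalized path stays below the downloads directory."""
    return path.startswith(DOWNLOADS_DIR + "/")


# Constructed sample values for the 'file' column of the 'download' table.
SAMPLES = ["report.pdf", "../../../../etc/passwd", "/etc/passwd", "sub/.."]

if __name__ == "__main__":
    for value in SAMPLES:
        before = unsafe_path(7, value)
        try:
            after = safe_path(7, value)
        except ValueError as exc:
            after = "rejected (%s)" % exc
        print("%-26r unpatched: %-32s inside root: %-5s patched: %s"
              % (value, before, inside_root(before), after))
```

The absolute-path sample escapes without any `..` component because a path join discards everything before an absolute argument, which basename also neutralizes.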

Change History (7)

Changed 6 years ago by tinus

Attachment: downloadsplugin.patch added

comment:1 Changed 6 years ago by Ryan J Ollos

Summary: changed from "minor path travelsal vulnerability" to "[Patch] Minor path travelsal vulnerability"

comment:2 Changed 5 years ago by Ryan J Ollos

Cc: Ryan J Ollos added; anonymous removed

comment:3 Changed 3 years ago by Ryan J Ollos

Owner: changed from Radek Bartoň to Ryan J Ollos
Status: changed from new to assigned

comment:4 Changed 5 months ago by Ryan J Ollos

Status: changed from assigned to accepted
Summary: changed from "[Patch] Minor path travelsal vulnerability" to "[Patch] Minor path traversal vulnerability"

comment:5 Changed 5 months ago by Ryan J Ollos

Resolution: fixed
Status: changed from accepted to closed

In 16018:

1.0.0dev: Fix path traversal vulnerability

Patch by tinus.

Fixes #8725.

comment:6 Changed 5 months ago by Ryan J Ollos

Owner: changed from Ryan J Ollos to tinus
