
Opened 6 years ago

Closed 9 months ago

Last modified 9 months ago

#8725 closed defect (fixed)

[Patch] Minor path traversal vulnerability

Reported by: tinus
Owned by: tinus
Priority: normal
Component: DownloadsPlugin
Severity: normal
Keywords:
Cc: Ryan J Ollos
Trac Release: 0.11

Description

If the 'file' field in the 'download' table can be manipulated, the DownloadsPlugin allows a user to download any file that can be accessed by the Trac user.

Attached is a patch that uses the basename function prior to concatenating the path to foil this attack.

Attachments (1)

downloadsplugin.patch (755 bytes) - added by tinus 6 years ago.
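
An added illustration of the fix described above (this is not the attached patch or the plugin's own code): the stored 'file' value joined as-is, next to a version that applies basename first. The directory layout, `DOWNLOADS_ROOT` and the function names are assumptions made for the example, and the containment check goes one step beyond what the ticket describes.

```python
import os

# Hypothetical layout: <downloads root>/<download id>/<file name>.
DOWNLOADS_ROOT = "/var/trac/downloads"  # constructed sample path


def unsafe_path(root, download_id, file_field):
    """'Before' behaviour: the stored value is joined without any check."""
    return os.path.normpath(os.path.join(root, str(download_id), file_field))


def safe_path(root, download_id, file_field):
    """Reduce the stored value to its final component before joining."""
    # Treat backslashes as separators too, so the result is the same on
    # POSIX and Windows hosts.
    name = os.path.basename(file_field.replace("\\", "/"))
    # basename("..") is ".." and basename("docs/") is "", so basename alone
    # is not enough: reject names that are empty or refer to a directory.
    if name in ("", ".", "..") or "\0" in name:
        raise ValueError("invalid file name: %r" % file_field)
    base = os.path.normpath(os.path.join(root, str(download_id)))
    path = os.path.normpath(os.path.join(base, name))
    # Defence in depth: the result must stay below the download's directory.
    if not path.startswith(base + os.sep):
        raise ValueError("path escapes download directory: %r" % file_field)
    return path


def is_rejected(file_field):
    """True when safe_path refuses the stored value."""
    try:
        safe_path(DOWNLOADS_ROOT, 7, file_field)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed values standing in for the 'file' column of a download row.
    for value in ("report.pdf", "../../../../etc/passwd", "/etc/passwd", ".."):
        print("%-26r unsafe=%s rejected=%s" % (
            value, unsafe_path(DOWNLOADS_ROOT, 7, value), is_rejected(value)))
```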


Change History (7)

Changed 6 years ago by tinus

Attachment: downloadsplugin.patch added

comment:1 Changed 6 years ago by Ryan J Ollos

Summary: minor path travelsal vulnerability → [Patch] Minor path travelsal vulnerability

comment:2 Changed 6 years ago by Ryan J Ollos

Cc: Ryan J Ollos added; anonymous removed

comment:3 Changed 4 years ago by Ryan J Ollos

Owner: changed from Radek Bartoň to Ryan J Ollos
Status: new → assigned

comment:4 Changed 9 months ago by Ryan J Ollos

Status: assigned → accepted
Summary: [Patch] Minor path travelsal vulnerability → [Patch] Minor path traversal vulnerability

comment:5 Changed 9 months ago by Ryan J Ollos

Resolution: fixed
Status: accepted → closed

In 16018:

1.0.0dev: Fix path traversal vulnerability

Patch by tinus.

Fixes #8725.

comment:6 Changed 9 months ago by Ryan J Ollos

Owner: changed from Ryan J Ollos to tinus
