We use cookies to ensure that we give you the best experience on our website.  Visit our Privacy Policy to learn more. If you continue to use this site, we will assume that you are okay with it.

Your choices regarding cookies on this site.
Your preferences have been updated.
In order for the changes to take effect completely please clear your browser cookies and cache. Then reload the page.

Werk #10462: WATO backups: Fix file path traversal vulnerability

TitleWATO backups: Fix file path traversal vulnerability
Date2019-11-22 15:00:39
Checkmk EditionCheckmk Raw Edition (CRE)
Checkmk Version1.6.0p7,2.0.0i1,1.5.0p24
LevelTrivial Change
ClassSecurity Fix
CompatibilityCompatible - no manual interaction needed

The backup target directory was not validated correctly which made it possible for an attacker that has access to WATO backups to compromise the site.

Using this vulnerability it was possible to write backup files to directories that are writable by the site user.

Thanks to Robin `ypid` Schneider.