Werk #10462: WATO backups: Fix file path traversal vulnerability

Komponente Setup
Titel WATO backups: Fix file path traversal vulnerability
Datum 22.11.2019
Checkmk Edition Checkmk Raw (CRE)
Checkmk-Version 1.5.0p24 1.6.0p7 2.0.0i1
Level Kleine Änderung
Klasse Sicherheitsfix
Kompatibilität Kompatibel - benötigt kein manuelles Eingreifen

The backup target directory was not validated correctly which made it possible for an attacker that has access to WATO backups to compromise the site.

Using this vulnerability it was possible to write backup files to directories that are writable by the site user.

Thanks to Robin ypid Schneider.

Zur Liste aller Werks