Werk #13067: Fix path traversal vulnerability

Component	Setup
Title	Fix path traversal vulnerability
Date	Aug 16, 2021
Level	Trivial Change
Class	Security Fix
Compatibility	Compatible - no manual interaction needed
Checkmk versions & editions	2.1.0b1 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME) 2.0.0p10 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME) 1.6.0p26 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

An authenticated user was able to enumerate files ending with ".csv" on the filesystem, accessible to the siteuser.

To the list of all Werks