Security
Headlines
CVE-2022-42725: transfers: Don't allow a received file to be saved outside of the · linuxmint/warpinator@5244c33

Warpinator through 1.2.14 allows access outside of an intended directory, as demonstrated by symbolic directory links.

@@ -4,6 +4,7 @@ import logging import stat import shutil import gettext
from gi.repository import GLib, Gio, GObject
@@ -12,6 +13,8 @@ import prefs import warp_pb2
_ = gettext.gettext
FILE_INFOS = ",".join([ "standard::size", "standard::allocated-size", @@ -164,6 +167,7 @@ class FileReceiver(GObject.Object): def __init__(self, op): super(FileReceiver, self).__init__() self.save_path = prefs.get_save_path() self.save_path_file = Gio.File.new_for_path(self.save_path) self.op = op self.preserve_perms = prefs.preserve_permissions() and util.save_folder_is_native_fs() self.preserve_timestamp = prefs.preserve_timestamp() and util.save_folder_is_native_fs() @@ -208,6 +212,9 @@ def receive_data(self, s):
if not self.current_gfile: self.current_gfile = Gio.File.new_for_path(path) # Check for valid path (GFile resolves paths upon creation). if self.save_path_file.get_relative_path(self.current_gfile) is None: raise Exception(_(“Resolved path is not valid: %s -> %s”) % (path, self.current_gfile.get_path()))
if s.file_type == FileType.DIRECTORY: os.makedirs(path, exist_ok=True)
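Review bot: the containment check added in receive_data is lexical only: `self.save_path_file.get_relative_path(self.current_gfile)` rejects a path that normalizes to a location outside the save directory (the resolution the inline comment refers to), but a GFile is not resolved against the filesystem, so a path whose directory component already exists as a symbolic link to somewhere outside the save folder still passes, and the following `os.makedirs(path, exist_ok=True)` silently accepts such a link as the target directory. Since the advisory names symbolic directory links as the demonstrated vector, consider additionally verifying that `os.path.realpath(path)` lies under `os.path.realpath(self.save_path)` before creating or writing anything, and refusing to reuse an existing symlink for any directory that receive_data creates. Separately, the new message literal appears here with typographic quotes (`_(“Resolved path is not valid: %s -> %s”)`); if that is the committed text rather than an extraction artifact it will not parse as Python and needs plain ASCII quotes.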

Related news

CVE-2023-29380: security - Warpinator: Remote file deletion vulnerability (CVE-2023-29380)

Warpinator before 1.6.0 allows remote file deletion via directory traversal in top_dir_basenames.
