Headline
CVE-2018-1002150: Issue #850: fix access check in host.distRepoMove - koji
Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1.
The host.distRepoMove hub call does not perform the correct access checks. This bug allows an attacker to manipulate the filesystem, potentially destroying data or exposing secrets.
This issue has been assigned CVE-2018-1002150
You can read the full announcement here:
https://docs.pagure.org/koji/CVE-2018-1002150/
Metadata Update from @mikem:
- Issue private status set to: False (was: True)
4 years ago
Metadata Update from @tkopecek:
- Issue set to the milestone: 1.16
4 years ago
Login to comment on this ticket.