[CONTINUUM-1412] File Inclusion Vulnerability - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 1.1-beta-2
Fix Version/s: 1.1-beta-3
Component/s: Security
Labels:
None
Environment:
Java version: 1.5.0_10
OS name: "linux" version: "2.6.16.49-xen-osl4-ipsec-domu" arch: "i386"

Description

The value of the userDirectory variable used when calling workingCopy.action is not filtered properly. This gives anyone who can access workingCopy.action the ability to read any file on the file system with the permissions that jetty is running as.

For example, let's say we have continuum installed in /usr/local/continuum. Say we have a project named build-tools with a projectId of 10. Using the following URL, I can display the contents of /proc/version (see attached screenshot).

http://some-server.domain.com:8080/continuum/workingCopy.action?projectId=10&projectName=build-tools&userDirectory=../../../../../../../../../proc/&file=version

This is really bad if the user is running continuum as root because it gives the attacker access to every file on the file system.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

continuum.JPG
24/Aug/07 11:14
37 kB
Tom Cort
CONTINUUM-1412.patch
27/Aug/07 07:30
1 kB
Tom Cort

Activity

People

Assignee:: Emmanuel Venisse

Reporter:: Tom Cort

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 24/Aug/07 11:14

Updated:: 28/Aug/07 14:32

Resolved:: 28/Aug/07 14:32