Project

General

Profile

Actions
Copy link

Security #6118

closed

datasets: absolute path in rules can overwrite arbitrary files

Added by Victor Julien over 1 year ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Jason Ish
Target version:
7.0.0-rc2
Affected Versions:
Label:
CVE:
2023-35852
Git IDs:

fd79b337ca4618d9cf2ac7b37db98f81d97ffab2

Severity:
HIGH
Disclosure Date:

Description

Only restricted by permissions the Suricata process user & group, if any.

Subtasks 1 (0 open1 closed)

Security #6119: datasets: absolute path in rules can overwrite arbitrary files (6.0.x backport)ClosedJason IshActions
Actions
Copy link
 #1

Updated by OISF Ticketbot over 1 year ago

  • Subtask #6119 added
Actions
Copy link
 #2

Updated by OISF Ticketbot over 1 year ago

  • Label deleted (Needs backport to 6.0)
Actions
Copy link
 #3

Updated by Jason Ish over 1 year ago

  • Severity changed from MODERATE to HIGH
Actions
Copy link
 #4

Updated by Jason Ish over 1 year ago

  • Assignee changed from Eric Leblond to Jason Ish
Actions
Copy link
 #5

Updated by Victor Julien over 1 year ago

  • Status changed from In Review to Resolved
Actions
Copy link
 #6

Updated by Jason Ish over 1 year ago

  • Git IDs updated (diff)
Actions
Copy link
 #7

Updated by Jason Ish over 1 year ago

  • Status changed from Resolved to Closed
Actions
Copy link
 #8

Updated by Jason Ish over 1 year ago

  • CVE set to 2023-35852
Actions
Copy link
 #9

Updated by Victor Julien over 1 year ago

  • Private changed from Yes to No
Actions
Copy link

Also available in: Atom PDF