Impact
It is possible to write files outside of the git configuration repository (by default /var/rudder/configuration-repository/) using a path traversal when importing an archive from the Rudder interface or API. After editing an xml field value of an active technique category id, e.g. from c65e1edc-2b23-4215-a719-c36cfd919252 to ../../../../../etc/app/settings, commiting the change with git and restoring the archive, we could create the /etc/app/settings/category.xml.
Impact is limited because it does not allow overriding existing file/directories, and the output file will always be category.xml.
Patches
Workarounds
None.
References
Impact
It is possible to write files outside of the git configuration repository (by default
/var/rudder/configuration-repository/) using a path traversal when importing an archive from the Rudder interface or API. After editing an xml field value of an active technique category id, e.g. fromc65e1edc-2b23-4215-a719-c36cfd919252to../../../../../etc/app/settings, commiting the change with git and restoring the archive, we could create the/etc/app/settings/category.xml.Impact is limited because it does not allow overriding existing file/directories, and the output file will always be
category.xml.Patches
Workarounds
None.
References