Impact
It was found that the technique creation API suffers from a path traversal vulnerability. The endpoint that handles technique updates uses the category string from the request, without sanitizing it, when constructing a file system target path. On an update to the technique, the backend then moves files from the workspace's resources directory to that target path.
This allows an attacker to move files from a workspace's resources directory to other, unintended paths on the Rudder backend host. Depending on the content of the resources directory, this can lead to further vulnerabilities.
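As an added illustration (not Rudder's own code), the path-construction pattern the advisory describes is shown beside a hardened form that allow-lists each client-controlled component and then confirms the normalised target still lies under the techniques tree. The workspace path, the `techniques/<category>/<technique_id>` layout and slash-separated nested categories are assumptions made for the example.

```python
import os
import re
from pathlib import Path

# Constructed example layout (assumption, not Rudder's real paths): resources for a
# technique are moved under <workspace>/techniques/<category>/<technique_id>.
WORKSPACE = Path("/var/rudder/configuration-repository")

# A category component or technique id may only be a plain name: no separators,
# and therefore no "." or ".." segments.
_PLAIN_NAME = re.compile(r"^[A-Za-z0-9_-]+$")


def techniques_root(workspace: Path) -> Path:
    return Path(os.path.normpath(workspace / "techniques"))


def vulnerable_target_path(workspace: Path, category: str, technique_id: str) -> Path:
    """The pattern the advisory describes: the request's category string is
    joined into the path as-is, so '..' segments walk out of the techniques tree."""
    return workspace / "techniques" / category / technique_id


def escapes_techniques_root(workspace: Path, target: Path) -> bool:
    """True when the normalised target is not strictly beneath the techniques root."""
    normalised = Path(os.path.normpath(target))
    return techniques_root(workspace) not in normalised.parents


def safe_target_path(workspace: Path, category: str, technique_id: str) -> Path:
    """Hardened form: allow-list every path component the client controls, then
    re-check containment on the normalised path as defence in depth."""
    components = category.split("/")  # assumption: nested categories use '/'
    if not all(_PLAIN_NAME.match(c) for c in components):
        raise ValueError(f"invalid category: {category!r}")
    if not _PLAIN_NAME.match(technique_id):
        raise ValueError(f"invalid technique id: {technique_id!r}")
    target = techniques_root(workspace).joinpath(*components, technique_id)
    if escapes_techniques_root(workspace, target):
        raise ValueError(f"target escapes techniques root: {target}")
    return target
```

The containment check is kept even though the allow-list already rejects traversal, so a later relaxation of the naming rule does not silently reopen the hole.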
Patches
Workarounds
References