Project

General

Profile

Actions
Copy link

Security #6118

closed
VJ JI

datasets: absolute path in rules can overwrite arbitrary files

Security #6118: datasets: absolute path in rules can overwrite arbitrary files

Added by Victor Julien almost 3 years ago. Updated almost 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Jason Ish
Target version:
7.0.0-rc2
Affected Versions:
Label:
CVE:
2023-35852
Git IDs:

fd79b337ca4618d9cf2ac7b37db98f81d97ffab2

Severity:
HIGH
Disclosure Date:

Description

Only restricted by permissions the Suricata process user & group, if any.

Subtasks 1 (0 open1 closed)

Security #6119: datasets: absolute path in rules can overwrite arbitrary files (6.0.x backport)ClosedJason IshActions

OT Updated by OISF Ticketbot almost 3 years ago Actions
Copy link
 #1

  • Subtask #6119 added

OT Updated by OISF Ticketbot almost 3 years ago Actions
Copy link
 #2

  • Label deleted (Needs backport to 6.0)

JI Updated by Jason Ish almost 3 years ago Actions
Copy link
 #3

  • Severity changed from MODERATE to HIGH

JI Updated by Jason Ish almost 3 years ago Actions
Copy link
 #4

  • Assignee changed from Eric Leblond to Jason Ish

VJ Updated by Victor Julien almost 3 years ago Actions
Copy link
 #5

  • Status changed from In Review to Resolved

JI Updated by Jason Ish almost 3 years ago Actions
Copy link
 #6

  • Git IDs updated (diff)

JI Updated by Jason Ish almost 3 years ago Actions
Copy link
 #7

  • Status changed from Resolved to Closed

JI Updated by Jason Ish almost 3 years ago Actions
Copy link
 #8

  • CVE set to 2023-35852

VJ Updated by Victor Julien almost 3 years ago Actions
Copy link
 #9

  • Private changed from Yes to No
Actions
Copy link

Also available in: PDF Atom