*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Seth Arnold (seth-arnold):
maasserver.api.get_file_by_name is used to define a couple of API
operations: AnonFilesHandler.get_by_name and FilesHandler.get_by_name.
However, it does not verify ownership of the file, thus allowing anyone
to download any file. FileHandler.read is an example of what should be
done.
get_file_by_key may be similarly vulnerable; filed as bug 1379826.
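The defect described in this report is a missing ownership check on a by-name lookup. The following standalone Python module, added here as an illustration and not taken from MAAS, models that pattern with an in-memory store: one lookup matches on filename alone (the reported behaviour) and the other scopes the query to the requesting user, so a file owned by someone else is indistinguishable from one that does not exist. All class and function names, the sample users and file contents are constructed for the example.

```python
"""Added example (not MAAS code): file lookup with and without an owner check.

Models the bug above with an in-memory store.  Names, classes and sample
data are hypothetical and do not correspond to the MAAS API.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


class NotFound(Exception):
    """Raised for both 'no such file' and 'not your file', so a caller
    cannot use the error to probe which filenames other users have."""


@dataclass(frozen=True)
class StoredFile:
    filename: str
    owner: str       # username that uploaded the file
    content: bytes


# Store keyed by (owner, filename): two users may upload the same name.
STORE: Dict[Tuple[str, str], StoredFile] = {}


def store_file(owner: str, filename: str, content: bytes) -> None:
    STORE[(owner, filename)] = StoredFile(filename, owner, content)


def get_file_by_name_unchecked(filename: str) -> StoredFile:
    """Vulnerable pattern: the requester is not part of the query, so any
    caller who knows (or guesses) a filename receives the file."""
    for f in STORE.values():
        if f.filename == filename:
            return f
    raise NotFound(filename)


def get_file_by_name(requester: str, filename: str) -> StoredFile:
    """Hardened pattern: the owner is part of the lookup key.  Authorisation
    is enforced by the query itself rather than by a check bolted on after
    the object has already been fetched."""
    f = STORE.get((requester, filename))
    if f is None:
        raise NotFound(filename)
    return f


def read_file(requester: str, filename: str) -> bytes:
    """What a by-name download handler should do: scoped lookup, then read."""
    return get_file_by_name(requester, filename).content


def can_read(requester: str, filename: str) -> bool:
    """Boolean view of the same check, convenient for tests and audits."""
    try:
        get_file_by_name(requester, filename)
        return True
    except NotFound:
        return False


def _seed() -> None:
    # Constructed sample data: each user owns one private file.
    store_file("alice", "secret.txt", b"alice-only")
    store_file("bob", "notes.txt", b"bob-only")


_seed()

if __name__ == "__main__":
    # Unchecked lookup hands bob alice's file; the scoped one refuses.
    print(get_file_by_name_unchecked("secret.txt").owner)   # alice
    print(can_read("bob", "secret.txt"))                     # False
    print(read_file("alice", "secret.txt"))                  # b'alice-only'
```

The point to take from the hardened version is that the owner constraint belongs in the query, not in a post-fetch comparison that a future refactor can drop; it also returns the same error for "absent" and "not yours", which keeps the endpoint from becoming a filename oracle.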
** Affects: maas
     Importance: Critical
     Assignee: Blake Rouse (blake-rouse)
         Status: Fix Released

** Affects: maas/1.2
     Importance: Critical
         Status: Won't Fix

** Affects: maas/1.3
     Importance: Critical
         Status: Won't Fix

** Affects: maas/1.5
     Importance: Undecided
         Status: Won't Fix

** Affects: maas/1.7
     Importance: Undecided
         Status: Won't Fix

** Affects: maas/1.9
     Importance: Critical
     Assignee: Blake Rouse (blake-rouse)
         Status: Fix Released

** Affects: maas/trunk
     Importance: Critical
     Assignee: Blake Rouse (blake-rouse)
         Status: Fix Released

** Tags: api security
--
get_file_by_name does not check owner
https://bugs.launchpad.net/bugs/1212205