]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph.git/commit
projects / ceph.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f0aa067) | patch
mgr/dashboard: fix improper URL checking
authorErnesto Puerta <epuertat@redhat.com>
Wed, 15 Jan 2020 12:54:26 +0000 (13:54 +0100)
committerAbhishek Lekshmanan <abhishek@suse.com>
Fri, 24 Jan 2020 12:16:30 +0000 (13:16 +0100)
commit8392c2cb89a8419411843eaa6bc850ee9d7ef9be
tree85482ecaad62bb7be47c16a0b579a9fdaa77f6c4tree | snapshot
parentf0aa067ac7a02ee46ea48aa26c6e298b5ea272e9commit | diff
mgr/dashboard: fix improper URL checking

This change disables up-level references beyond the HTTP base directory.
[CVE-2020-1699]

Fixes: https://tracker.ceph.com/issues/43607
Signed-off-by: Ernesto Puerta <epuertat@redhat.com>
(cherry picked from commit 0443e40c11280ba3b7efcba61522afa70c4f8158)

Conflicts:
  - src/pybind/mgr/dashboard/tests/test_home.py (refactored tests)
src/pybind/mgr/dashboard/controllers/home.py diff | blob | history
src/pybind/mgr/dashboard/tests/test_home.py diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.