hostname from server maybe trusted without check and used in file path #14

Closed
alexanderkjall opened this issue Aug 18, 2020 · 0 comments · Fixed by #17

Comments

@alexanderkjall

I tried to read through the code prior to using it, and here:

https://github.com/NilsIrl/MozWire/blob/trunk/src/main.rs#L442

The `server.hostname` variable is used. As far as I can tell from the source code, this value comes directly from the server and there are no checks to verify that it doesn't contain something that might cause a path traversal (i.e. `../`).

I have not verified this in any way, as it was annoying to untangle the OAuth things in front of it.

It also feels like a very low risk vulnerability, as the software is hardcoded to go against the Mozilla servers.

NilsIrl added a commit that referenced this issue Aug 18, 2020
If Mozilla servers were compromised, hostnames could be used for path
traversal attacks. The impact would be very low as it would only be
possible to write wireguard configs.

Fix #14
NilsIrl added a commit that referenced this issue Aug 19, 2020
If Mozilla servers were compromised, hostnames could be used for path
traversal attacks. The impact would be very low as it would only be
possible to write wireguard configs.

Fix #14
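
The pattern reported in this issue, next to one way to check a server-supplied hostname before it becomes a file name. This is an added example, not MozWire's code or the fix from #17; the function names, the `.conf` naming, the `wg-configs` directory and the sample hostnames are assumptions made for illustration.

```rust
use std::path::{Component, Path, PathBuf};

// Unchecked pattern from the report: a server-supplied string goes straight
// into a path. Hypothetical stand-in, not the code at main.rs#L442.
fn naive_config_path(dir: &Path, hostname: &str) -> PathBuf {
    dir.join(format!("{}.conf", hostname))
}

// Hypothetical hardened helper: accept the hostname only if it is a plain
// DNS-style name that forms exactly one path component.
fn checked_config_path(dir: &Path, hostname: &str) -> Result<PathBuf, String> {
    // Allowlist of DNS-style characters: excludes '/', '\\', NUL and whitespace.
    let chars_ok = !hostname.is_empty()
        && hostname.len() <= 253
        && hostname
            .bytes()
            .all(|b| b.is_ascii_alphanumeric() || b == b'-' || b == b'.');
    if !chars_ok {
        return Err(format!("rejected hostname {:?}: unexpected characters", hostname));
    }
    // "." and ".." pass the character allowlist, so also require that the
    // value parses as exactly one normal path component.
    let mut parts = Path::new(hostname).components();
    match (parts.next(), parts.next()) {
        (Some(Component::Normal(_)), None) => Ok(dir.join(format!("{}.conf", hostname))),
        _ => Err(format!("rejected hostname {:?}: not a plain file name", hostname)),
    }
}

fn main() {
    let dir = Path::new("wg-configs"); // constructed output directory
    // Constructed sample values, not real server responses.
    let samples = ["us-nyc-wg-001", "..", "../../tmp/x", "/etc/wireguard/wg0", ""];
    for h in samples.iter() {
        println!("{:?}", h);
        println!("  naive:   {:?}", naive_config_path(dir, h));
        println!("  checked: {:?}", checked_config_path(dir, h));
    }
}
```

Note that `Path::join` discards the base directory entirely when the joined value is absolute, so the unchecked version is affected by more than `../` sequences.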