You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The server.hostname variable is used, as far as I can tell from the source code this value comes directly from the server and there is no checks to verify that it doesn't contain something that might cause a path traversal (i.e. ../ ).
I have not verified this in any way, as it was annoying to untangle the oauth things in front of it.
It also feels like a very low risk vulnerability, as the software is hardcoded to go against the mozilla servers.
The text was updated successfully, but these errors were encountered:
If Mozilla servers were compromised, hostnames could be used for path
traversal attacks. The impact would be very low as it would only be
possible to write wireguard configs.
Fix#14
If Mozilla servers were compromised, hostnames could be used for path
traversal attacks. The impact would be very low as it would only be
possible to write wireguard configs.
Fix#14
I tried to read through the code prior to using it, and here:
https://github.com/NilsIrl/MozWire/blob/trunk/src/main.rs#L442
The
server.hostname
variable is used, as far as I can tell from the source code this value comes directly from the server and there is no checks to verify that it doesn't contain something that might cause a path traversal (i.e. ../ ).I have not verified this in any way, as it was annoying to untangle the oauth things in front of it.
It also feels like a very low risk vulnerability, as the software is hardcoded to go against the mozilla servers.
The text was updated successfully, but these errors were encountered: