Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Security vulnerabilities discovered #598
Thank you very much for checking CM for security vulnerabilities! I have fixed them in the
To all the CM users listening in: The two vulnerabilities found by feedersec could only be exploited by logged-in users. However, especially in the case that you are running CM as root (which you should not!) one of the vulnerabilities could lead to the compromise of your server. I'll release a new version now, please make sure to update as soon as possible.
Many thanks again @feedersec, please contact me again if you find anything in the future!
Thanks for fixing @devsnd! For the CM community's information, the following CVE references can be used to track the vulnerabilities: