Skip to content
Permalink
Browse files

Importing system enviroment in v-change-user-password

Thanks to @ScIT-Raphael for discovering this bug
  • Loading branch information
dpeca committed Apr 11, 2020
1 parent cc8a3e0 commit cfc46bb2a9555b76d805f514aabf883079a87f4d
Showing with 4 additions and 0 deletions.
  1. +4 −0 bin/v-change-user-password
@@ -13,6 +13,10 @@
user=$1
password=$2; HIDE=2

# Importing system enviroment as we run this script
# mostly by cron wich not read it by itself
source /etc/profile

# Includes
source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf

2 comments on commit cfc46bb

@Skamasle

This comment has been minimized.

Copy link
Collaborator

@Skamasle Skamasle replied Apr 12, 2020

Hi

Why not add this just in main.sh ?
Maybe in orther site we have some bug related

And I suppose this bug affect only debian / ubuntu ?

@ScIT-Raphael

This comment has been minimized.

Copy link

@ScIT-Raphael ScIT-Raphael replied Apr 12, 2020

And I suppose this bug affect only debian / ubuntu ?

The security fix was for our fork, hestiacp/hestiacp@63931b6, which currently runs on ubuntu or debian only, so I can't answer your question. We got informed from Orange Cyberdefense Team (https://cyberdefense.orange.com/), which pointed us to the issue - probaly CentOS is also affected.

Please sign in to comment.
You can’t perform that action at this time.