Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

SS-2014-010: Injection / Filesystem vulnerability in generatesecuretoken

A minor issue in the the generatesecuretoken dev task enabled investigation of files on the filesystem. This attack allowed the existence of any file to be reported using the 'path' querystring parameter passing in a relative filesystem path. Additionally, the Content-Type header of the results of this page was set to 'text/html', which means that HTML injection could enable javascript to be injected via the querystring.

This issue has been resolved by removing the unnecessary 'path' querystring parameter, and ensuring the output of this page was correctly given the 'text/plain' Content-Type header.

This attack may only be performed by a privileged user (administrator), meaning it had a very low risk of being exploited.

Severity:
Low (?)
Identifier:
SS-2014-010
Versions Affected:
3.0.10, 3.1.4, master
Versions Fixed:
3.0.11, 3.1.5, master
Release Date:
2014-05-07

A minor issue in the the generatesecuretoken dev task enabled investigation of files on the filesystem. This attack allowed the existence of any file to be reported using the 'path' querystring parameter passing in a relative filesystem path. Additionally, the Content-Type header of the results of this page was set to 'text/html', which means that HTML injection could enable javascript to be injected via the querystring.

This issue has been resolved by removing the unnecessary 'path' querystring parameter, and ensuring the output of this page was correctly given the 'text/plain' Content-Type header.

This attack may only be performed by a privileged user (administrator), meaning it had a very low risk of being exploited.