Mageia 7: MGASA-2021-0147 Moderate: Koji Directory Traversal Risk

March 21, 2021
Koji through version 1.17.0 is susceptible to remote directory traversal, which can lead to privilege escalation. To fix this, update to a version where the issue is resolved; for Mageia 7 that is the koji-1.17.1-1.mga7 package listed under Resolution. Additionally, apply strict input validation and sanitization to user-supplied parameters. Implement robust access controls, limiting user permissions to essential levels. Regularly review and audit server configurations and file permissions to spot potential exploitation risks. For enhanced security, monitor logs for suspicious file access and user activity.

Summary

Koji through 1.17.0 allows remote Directory Traversal, with resulting Privilege Escalation.

References

- https://bugs.mageia.org/show_bug.cgi?id=25959

- https://bugzilla.redhat.com/show_bug.cgi?id=1768882

- https://www.cve.org/CVERecord?id=CVE-2019-17109

Resolution

SRPMS

- 7/core/koji-1.17.1-1.mga7

Severity
important

Publication date: 21 Mar 2021
URL: https://advisories.mageia.org/MGASA-2021-0147.html
Type: security
CVE: CVE-2019-17109
