*** This bug is a security vulnerability *** You have been subscribed to a public security bug by Seth Arnold (seth-arnold):
maasserver.api.get_file_by_name is used to define a couple of API operations: AnonFilesHandler.get_by_name and FilesHandler.get_by_name. However, it does not verify ownership of the file, thus allowing anyone to download any file. FileHandler.read is an example of what should be done.

get_file_by_key may be similarly vulnerable; filed as bug 1379826.

** Affects: maas
     Importance: Critical
     Assignee: Blake Rouse (blake-rouse)
         Status: Fix Released

** Affects: maas/1.2
     Importance: Critical
         Status: Won't Fix

** Affects: maas/1.3
     Importance: Critical
         Status: Won't Fix

** Affects: maas/1.5
     Importance: Undecided
         Status: Won't Fix

** Affects: maas/1.7
     Importance: Undecided
         Status: Won't Fix

** Affects: maas/1.9
     Importance: Critical
     Assignee: Blake Rouse (blake-rouse)
         Status: Fix Released

** Affects: maas/trunk
     Importance: Critical
     Assignee: Blake Rouse (blake-rouse)
         Status: Fix Released

** Tags: api security

--
get_file_by_name does not check owner
https://bugs.launchpad.net/bugs/1212205
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
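The bug class described in the report, a file lookup keyed on the name alone with no comparison against the requesting user, is shown below as an added illustration. This is not MAAS code and not the reporter's: the FileRecord type, the in-memory STORE, the two handler functions and the access policy (anonymous callers see only ownerless files, authenticated callers see ownerless files and their own) are all assumptions made for the example. The sample store contents are constructed.

```python
"""Hypothetical model of a missing-ownership-check file download API.

Added example only; none of these names exist in MAAS. The point is the
difference between a lookup keyed on filename alone and one that is scoped
to the requester before any content is returned.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class FileRecord:
    filename: str
    owner: Optional[str]   # None models a file uploaded anonymously
    content: bytes


# Constructed sample store keyed by filename (assumption: names are unique).
STORE: Dict[str, FileRecord] = {
    "alice-kernel.cfg": FileRecord("alice-kernel.cfg", "alice", b"root=/dev/sda1 ro"),
    "bob-secrets.env": FileRecord("bob-secrets.env", "bob", b"API_TOKEN=xyz"),
    "public.txt": FileRecord("public.txt", None, b"hello"),
}

Handler = Callable[[Optional[str], str], Tuple[int, bytes]]


def get_file_by_name_vulnerable(requester: Optional[str], filename: str) -> Tuple[int, bytes]:
    """Vulnerable pattern: the requester (None for anonymous) is accepted but
    never consulted, so any caller who knows or guesses a name gets the bytes."""
    record = STORE.get(filename)
    if record is None:
        return 404, b""
    return 200, record.content


def get_file_by_name_fixed(requester: Optional[str], filename: str) -> Tuple[int, bytes]:
    """Hardened pattern: the lookup is scoped to the requester before content
    is returned. Assumed policy: ownerless files are readable by anyone, owned
    files only by their owner. A mismatch is reported as 404 rather than 403 so
    the endpoint does not confirm that someone else's file exists."""
    record = STORE.get(filename)
    if record is None:
        return 404, b""
    if record.owner is not None and record.owner != requester:
        return 404, b""
    return 200, record.content


def readable_files(handler: Handler, requester: Optional[str]) -> List[str]:
    """Enumerate which stored filenames a given handler serves to a requester.
    Used here to compare the two handlers' exposure side by side."""
    return sorted(
        name for name in STORE
        if handler(requester, name)[0] == 200
    )


if __name__ == "__main__":
    for who in (None, "alice", "bob"):
        print(f"requester={who!r}")
        print("  vulnerable:", readable_files(get_file_by_name_vulnerable, who))
        print("  fixed:     ", readable_files(get_file_by_name_fixed, who))
```

Run stand-alone, the script prints the files each requester can read through both handlers; the vulnerable handler serves every file to the anonymous requester, which is exactly the "anyone can download any file" condition the report describes. The same scoping has to be applied in every operation that resolves a file, by name or by key, which is why the report flags get_file_by_key as a separate item to check.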