PT-2017-19380 — Red Hat Koji

PT-2017-19380 · Red Hat · Koji

Published

2017-10-06

Updated

2017-10-06

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Koji version 1.13.0

Description The issue arises from improper validation of SCM paths, enabling an attacker to bypass blacklisted paths for build submission.

Recommendations For Koji version 1.13.0, update to a version that properly validates SCM paths to prevent exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

PYSEC-2017-144

Koji