zuul/tests/fixtures/config/speculative-plugins/git/org_project/playbooks/filter-plugin-bare-role/bare-role
Tobias Henkel 9cbb681446
Fix plugin injection vulnerability
Currently it is possible to inject speculative plugins into untrusted
jobs. These plugins are run locally on the executor and make it
possible to run arbitrary code within the bwrap context.

There are two problems here. First, the path check is broken such that it
never matches a plugin dir. Further, we don't check paths residing
within playbook dirs.

Change-Id: Idf1b940de2be7819afeb2dbad943fad2ae7ebc55
2018-03-16 18:12:35 +01:00
filter_plugins Fix plugin injection vulnerability 2018-03-16 18:12:35 +01:00
tasks Fix plugin injection vulnerability 2018-03-16 18:12:35 +01:00