mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity
Files
scarthgap
meta-openembedded/meta-webserver/recipes-webadmin/webmin/files/0001-Add-missing-permissions-check-when-saving-allowed-cr.patch
T
Gyorgy Sarvari 7435780bbe webmin: patch CVE-2022-0829 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-0829

Pick the patch from the nvd report details.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 80b5365780)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-19 08:46:56 +05:30

26 lines
807 B
Diff
Raw Permalink Blame History

From 15dd0e4e55579671c01e4808236beb4fe23e9eef Mon Sep 17 00:00:00 2001
From: Jamie Cameron <jcameron@webmin.com>
Date: Sat, 19 Feb 2022 13:10:36 -0800
Subject: [PATCH] Add missing permissions check when saving allowed cron users
CVE: CVE-2022-0829
Upstream-Status: Backport [https://github.com/webmin/webmin/commit/eeeea3c097f5cc473770119f7ac61f1dcfa671b9]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
cron/save_allow.cgi | 1 +
1 file changed, 1 insertion(+)
diff --git a/cron/save_allow.cgi b/cron/save_allow.cgi
index 87bbe453..73df9a84 100755
--- a/cron/save_allow.cgi
+++ b/cron/save_allow.cgi
@@ -4,6 +4,7 @@
require './cron-lib.pl';
&ReadParse();
+$access{'allow'} || &error($text{'allow_ecannot'});
&lock_file($config{cron_allow_file});
&lock_file($config{cron_deny_file});
Reference in New Issue View Git Blame Copy Permalink