Security issue: File / folder name not being escaped correctly in filebrowser
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Mahara | ||||||
19.04 |
Fix Released
|
High
|
Unassigned | |||
19.10 |
Fix Released
|
High
|
Unassigned | |||
20.04 |
Fix Released
|
High
|
Unassigned | |||
20.10 |
Fix Released
|
High
|
Robert Lyon |
Bug Description
In your browser with the debug console visible to see javascript output
Have a site and go to the Create -> Files page
Upload an image and then edit it and change the
name: Image<script>
description: This is Image<script>
Create a new folder called:
Folder<
Go into the new folder and upload another file
Problem 1 you see 'bad folder!' in the console bar
Create a page and add an image block to the page and select the image with bad name
Problem 2 you see 'bad name!' in console bar
Save block and then edit it again
Problem 3 you see 'bad name!' in console bar again
Add the folder block to the page
Problem 4 you see 'bad folder!' in the console bar
CVE References
information type: | Private Security → Public Security |
Changed in mahara: | |
milestone: | 20.10.0 → none |
no longer affects: | mahara |
This is most likely an issue in the group / institution / site areas as well as they all use the same js files to do the filebrowser so when it comes to testing / verifying do check there as well