Impact
When called with an invalid token, the restore backup script displays the full path of the token and does not properly escape the token name.
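The two flaws described above, shown as a flawed error handler beside a hardened one. This is an added PHP example, not iTop's code; the function names, the token directory and the token format are assumptions made for illustration.

```php
<?php
// Added illustration, not iTop code. Function names, TOKEN_DIR and the
// accepted token format are assumptions made for this example.

const TOKEN_DIR = '/var/lib/app/tokens'; // constructed path

// Flawed pattern: the error text carries the absolute server path and the
// raw, client-supplied token name. Returns an error string, or null if OK.
function checkTokenUnsafe(string $token): ?string
{
    $path = TOKEN_DIR . '/' . $token;
    if (!is_file($path)) {
        return "Error: invalid token '$token' (file $path not found)";
    }
    return null;
}

// Hardened pattern: validate the token shape first, keep the path in the
// server log only, and HTML-encode anything echoed back to the client.
function checkTokenSafe(string $token): ?string
{
    if (!preg_match('/\A[A-Za-z0-9]{1,64}\z/', $token)) {
        error_log('restore: malformed token rejected');
        return 'Error: invalid token';
    }
    $path = TOKEN_DIR . '/' . $token;
    if (!is_file($path)) {
        error_log("restore: token file missing: $path"); // detail stays server-side
        $shown = htmlspecialchars($token, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        return "Error: invalid token '$shown'";
    }
    return null;
}

// Constructed inputs: one containing markup, one well-formed but unknown.
foreach (['<b>x</b>', 'abc123'] as $sample) {
    echo 'unsafe: ', checkTokenUnsafe($sample) ?? 'ok', PHP_EOL;
    echo 'safe:   ', checkTokenSafe($sample) ?? 'ok', PHP_EOL;
}
```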
Patches
- 2.7.1 : packages community, essential, professional
- 3.0.0 : to be published
Credits
Many thanks to TW/CERT for their report!
References
Combodo ref N°2988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12777
For more information
If you have any questions or comments about this advisory:
Email us at itop-security@combodo.com