View Issue Details

IDProjectCategoryView StatusLast Update
0000276Bacula-Websecurity-issuepublic2019-01-06 18:46
ReporterdavideAssigned Todavide 
PriorityhighSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
Platformx86_64OSDebianOS Version8.0 (Jessie)
Product Version8.1.0 
Target Version8.2.0Fixed in Version8.2.0 
Summary0000276: Smarty - Fix CVE-2018-13982
DescriptionSmarty 3.1.32 or below is prone to a path traversal vulnerability due to insufficient sanitization of code in Smarty templates. This allows attackers controlling the Smarty template to bypass the trusted directory security restriction and read arbitrary files.
Additional Informationhttps://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal
TagsNo tags attached.

Activities

davide

2018-11-17 10:28

manager   ~0000894

Security issue fixed by upgrading Smarty to latest 2.6 version

davide

2019-01-05 12:51

manager   ~0000937

As of opened bug report, Bacula-Web is not impacted by this vulnerability issue
https://github.com/smarty-php/smarty/issues/518

Issue History

Date Modified Username Field Change
2018-11-17 07:53 davide New Issue
2018-11-17 07:53 davide Status new => assigned
2018-11-17 07:53 davide Assigned To => davide
2018-11-17 10:28 davide Status assigned => resolved
2018-11-17 10:28 davide Resolution open => fixed
2018-11-17 10:28 davide Fixed in Version => 8.2.0
2018-11-17 10:28 davide Note Added: 0000894
2019-01-05 12:51 davide Note Added: 0000937
2019-01-06 18:46 davide View Status private => public