Compromised client can fetch any payload #6

Open
Jasper-27 opened this issue Apr 20, 2023 · 1 comment
Labels
vulnerability Security vulnerability

Comments

@Jasper-27
Owner

Because the client is responsible for requesting the payload, if the client were to be compromised, the code could be modified to request any payload in the payloads folder.

@Jasper-27 Jasper-27 added the vulnerability Security vulnerability label Apr 20, 2023
@Jasper-27
Owner Author

A few weeks ago a change was made that limits the system to only being able to request files stored in the payloads directory; this reduces the impact of this issue. But a node could still request the wrong file within that folder.
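
An added example, not code from this project: one server-side way to close the residual gap described in this thread, keeping the directory confinement and also checking each request against a per-node assignment. `resolve_payload`, the `assignments` mapping, the node ids and the file names are hypothetical, and it assumes the server already knows which node is asking.

```python
import tempfile
from pathlib import Path


class PayloadDenied(Exception):
    """The request is refused; the caller should log it and serve nothing."""


def resolve_payload(payload_dir, assignments, node_id, requested_name):
    """Return the file to serve to node_id, or raise PayloadDenied.

    assignments (hypothetical) maps an authenticated node id to the set of
    payload names the server has assigned to that node.
    """
    root = Path(payload_dir).resolve()
    candidate = (root / requested_name).resolve()
    # Check 1: confinement to the payloads directory (the earlier change).
    try:
        name = candidate.relative_to(root).as_posix()
    except ValueError:
        raise PayloadDenied("outside payloads directory") from None
    # Check 2: the server, not the client, decides which payloads a node may
    # fetch, so a modified client cannot pick another file in the folder.
    if name not in assignments.get(node_id, set()):
        raise PayloadDenied(f"{node_id} is not assigned {name}")
    if not candidate.is_file():
        raise PayloadDenied("assigned payload is missing")
    return candidate


def demo():
    """Run constructed requests against a temporary payloads directory."""
    with tempfile.TemporaryDirectory() as tmp:
        payloads = Path(tmp) / "payloads"
        payloads.mkdir()
        (payloads / "node-a.bin").write_bytes(b"a")  # constructed sample files
        (payloads / "node-b.bin").write_bytes(b"b")
        (Path(tmp) / "server.key").write_bytes(b"k")
        assignments = {"node-a": {"node-a.bin"}, "node-b": {"node-b.bin"}}
        outcomes = {}
        for name in ("node-a.bin", "node-b.bin", "../server.key"):
            try:
                resolve_payload(payloads, assignments, "node-a", name)
                outcomes[name] = "served"
            except PayloadDenied as exc:
                outcomes[name] = f"denied: {exc}"
        return outcomes


if __name__ == "__main__":
    print(demo())
```

The second check only helps if `node_id` comes from something the client cannot forge, such as a per-node credential verified by the server, rather than from a field in the request.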
