Notice! This tracker is deprecated

This tracker is available read-only for historical purposes and will be discontinued. The new op5 tracker is available at jira.op5.com.
The specific bug/feature you are watching is/will be available here in the future.

ID: 0007677
Project: op5 Monitor
Category: plugins
View Status: public
Date Submitted: 2013-09-03 14:34
Last Update: 2014-01-30 15:18
Reporter: mfalkvidd
Assigned To: msikstrom
Priority: immediate
Severity: block
Reproducibility: have not tried
Status: closed
Resolution: fixed
Platform:
OS:
OS Version:
Product version: 4.1.4
Target Version: 6.1.3
Fixed in Version: 6.1.3

Summary: 0007677: plugin allows unauthenticated users to read files on the monitor server [CVE-2013-6141]

Description: One of the plugins shipped with op5 monitor does not sanitize input and does not require authorization. Therefore, it is possible for a remote unauthenticated user to read any file on the file system as the web server user.

Additional Information: There is no way to explain in detail what the flaw is without also showing how to exploit it and therefore exposing installations that have not yet updated. Because of this, we will not share further details at the moment.

Registered at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6141
Tags: No tags attached.
last_reviewed:
level_of_effort: a 1-2 hours
moscow: None
needs_documentation: No
priority_score: 0
Attached Files:

- Relationships

-  Notes
(0015827)
mfalkvidd (administrator)
2013-09-03 14:36
edited on: 2013-10-14 13:19

Security advisory Monitor 5.x: Update through yum
Security advisory monitor 6.x: Update through yum or use the 6.1.3 tarball


- Issue History
Date Modified Username Field Change
2013-09-03 14:34 mfalkvidd New Issue
2013-09-03 14:34 mfalkvidd Status new => assigned
2013-09-03 14:34 mfalkvidd Assigned To => msikstrom
2013-09-03 14:34 mfalkvidd Issue generated from: 0007659
2013-09-03 14:34 mfalkvidd Relationship added duplicate of 0007659
2013-09-03 14:35 mfalkvidd Status assigned => closed
2013-09-03 14:35 mfalkvidd Resolution open => fixed
2013-09-03 14:35 mfalkvidd Fixed in Version => 6.1.3
2013-09-03 14:36 mfalkvidd Note Added: 0015827
2013-09-03 14:57 mfalkvidd View Status private => public
2013-09-03 16:12 mfalkvidd Additional Information Updated
2013-10-14 13:18 mfalkvidd Description Updated
2013-10-14 13:19 mfalkvidd Note Edited: 0015827
2013-10-14 13:20 mfalkvidd Description Updated
2013-10-16 08:30 mfalkvidd Summary plugin allows unauthenticated users to read files on the monitor server => plugin allows unauthenticated users to read files on the monitor server [CVE-2013-6141]
2014-01-30 15:18 mfalkvidd Additional Information Updated