Bug #9866: freeradius_view_config.php: File contents are displayed without encoding - pfSense Packages - pfSense bugtracker

Actions

Copy link

Bug #9866

closed

freeradius_view_config.php: File contents are displayed without encoding

Added by Jim Pingle over 4 years ago. Updated over 3 years ago.

Status:

Resolved

Priority:

High

Assignee:

Jim Pingle

Category:

FreeRADIUS

Target version:

Start date:

10/31/2019

Due date:

% Done:

Estimated time:

Plus Target Version:

Affected Version:

All

Affected Plus Version:

Affected Architecture:

All

Description

freeradius_view_config.php reads and displays the contents of several FreeRADIUS-related files. The contents are displayed without encoding, which enables potential XSS exploitation.

Actions

Copy link

Updated by Jim Pingle over 4 years ago

Status changed from New to Feedback

Fixed in FreeRADIUS3 pkg version 0.15.7_3

https://github.com/pfsense/FreeBSD-ports/commit/30b22b6b0db7b73732a5da346afca66dc244e02a

Actions

Copy link

Updated by Jim Pingle over 4 years ago

Private changed from Yes to No

Actions

Copy link

Updated by Max Leighton over 3 years ago

Tested in freeradius3 version 0.15.7_20. I see special characters are being converted as expected. This issue can be marked as resolved.

Actions

Copy link

Updated by Jim Pingle over 3 years ago

Status changed from Feedback to Resolved

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense » pfSense Packages

Custom queries

Bug #9866

freeradius_view_config.php: File contents are displayed without encoding

Updated by Jim Pingle over 4 years ago

Updated by Jim Pingle over 4 years ago

Updated by Max Leighton over 3 years ago

Updated by Jim Pingle over 3 years ago