Bug #9888: ACME output sent to browser without encoding - pfSense Packages - pfSense bugtracker

Actions

Copy link

Bug #9888

closed

ACME output sent to browser without encoding

Added by Jim Pingle about 5 years ago. Updated almost 5 years ago.

Status:

Resolved

Priority:

High

Assignee:

Jim Pingle

Category:

ACME

Target version:

Start date:

11/08/2019

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

Affected Version:

All

Affected Plus Version:

Affected Architecture:

All

Description

ACME issue/renew output is sent directly to the browser without encoding. In some cases, user input may be included in that output, leading to a potential XSS. Notably, the RootFolder parameter for the webroot local folder method is affected.

Actions

Copy link

Updated by Jim Pingle about 5 years ago

Status changed from New to Feedback

Fixed in ACME package version 0.6.3_1

https://github.com/pfsense/FreeBSD-ports/commit/a6f443cde51e7fcf17e51f16014d3589253284d8

Actions

Copy link

Updated by Jim Pingle about 5 years ago

Private changed from Yes to No

Actions

Copy link

Updated by Jim Pingle almost 5 years ago

Status changed from Feedback to Resolved
% Done changed from 0 to 100

Fixed months ago, no additional feedback.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense » pfSense Packages

Custom queries

Bug #9888

ACME output sent to browser without encoding

Updated by Jim Pingle about 5 years ago

Updated by Jim Pingle about 5 years ago

Updated by Jim Pingle almost 5 years ago