Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1.
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Koji | Koji_project | 1.12.0 (including) | 1.12.0 (including) |
Koji | Koji_project | 1.13.0 (including) | 1.13.0 (including) |
Koji | Koji_project | 1.14.0 (including) | 1.14.0 (including) |
Koji | Koji_project | 1.15.0 (including) | 1.15.0 (including) |
Koji | Ubuntu | artful | * |
Koji | Ubuntu | bionic | * |
Koji | Ubuntu | cosmic | * |
Koji | Ubuntu | disco | * |
Koji | Ubuntu | eoan | * |
Koji | Ubuntu | xenial | * |