Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/wdormann/statuses/114434096629585541">Will Dormann (wdormann@infosec.exchange)'s status on Thursday, 08-May-2025 13:25:44 JST</a><a href="https://infosec.exchange/@wdormann" title="wdormann@infosec.exchange"><img src="https://gnusocial.jp/avatar/232810-48-20240116185707.webp" width="48" height="48" alt="Will Dormann" style="position: absolute; left: 0; top: 0;">Will Dormann</a><div><a href="https://infosec.exchange/@wdormann/114394049408656954" rel="in-reply-to">in reply to</a></div></section><article><p>After successfully touching grass and beginning to write up CVE-2025-34028...</p><p>CVE-2025-34028 is a path traversal vulnerability. And yes, the path traversal allows for an unauthenticated attacker to plant files in arbitrary locations.  And presumably Commvault has fixed the path traversal part.</p><p>BUT, what about the fact that deployCCPackage() is reachable by design (by way of deployServiceCommcell.do being explicitly listed in authSkipRules.xml)?</p><p>Directory traversal aside, in what world does the ability for an unauthenticated client to deploy a Command Center package make sense, whatever that means?  🤔</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/5021249#notice-9842604">In conversation</a><time datetime="2025-05-08T13:25:44+09:00" title="Thursday, 08-May-2025 13:25:44 JST">about 10 days ago</time> <span>from <span><a href="https://infosec.exchange/@wdormann/114434096629585541" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@wdormann/114434096629585541">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/4594228">Untitled attachment</a></label><br></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Will Dormann (wdormann@infosec.exchange)'s status on Thursday, 08-May-2025 13:25:44 JST Will Dormann
in reply to
After successfully touching grass and beginning to write up CVE-2025-34028...
CVE-2025-34028 is a path traversal vulnerability. And yes, the path traversal allows for an unauthenticated attacker to plant files in arbitrary locations. And presumably Commvault has fixed the path traversal part.
BUT, what about the fact that deployCCPackage() is reachable by design (by way of deployServiceCommcell.do being explicitly listed in authSkipRules.xml)?
Directory traversal aside, in what world does the ability for an unauthenticated client to deploy a Command Center package make sense, whatever that means? 🤔
In conversationabout 10 days ago from infosec.exchangepermalink
Attachments
1. Untitled attachment

Public

Embed Notice

HTML Code

Corresponding Notice