Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
cobbler.21408
cve-2018-10931-forbid-exposure-of-private-metho...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File cve-2018-10931-forbid-exposure-of-private-methods-in.patch of Package cobbler.21408
From 7595977573184d2be3ff35188601efd6806f158c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20Su=C3=A1rez=20Hern=C3=A1ndez?= <psuarezhernandez@suse.com> Date: Fri, 10 Aug 2018 10:59:04 +0100 Subject: [PATCH] CVE-2018-10931 - forbid exposure of private methods in the API --- cobbler/remote.py | 2 ++ 1 file changed, 2 insertions(+) Index: cobbler-2.6.6/cobbler/remote.py =================================================================== --- cobbler-2.6.6.orig/cobbler/remote.py +++ cobbler-2.6.6/cobbler/remote.py @@ -2075,6 +2075,8 @@ class ProxiedXMLRPCInterface: self.logger = self.proxied.api.logger def _dispatch(self, method, params, **rest): + if method.startswith('_'): + raise CX("forbidden method") if not hasattr(self.proxied, method): raise CX("unknown remote method")
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
