This repository was archived by the owner on Nov 6, 2025. It is now read-only.

Any file can be used as an ssh private key and an error message can display its content in logs

Low

loicalbertin published GHSA-8vhw-qv5r-38h5 Aug 29, 2019 · 1 comment

Package

No package listed

Affected versions

<= 4.0.0-M2, <= 3.2.3

Patched versions

4.0.0-M3, 3.2.4

Description

Impact

This vulnerability allows a user to see the content of any file readable by a Yorc server.

Patches

Version 3.2.4 ships a fix for this vulnerability
Version 4.0.0-M3 ships a fix for this vulnerability

Workarounds

No known workarounds.

For more information

If you have any questions or comments about this advisory:

Open an issue in Yorc
Email us at ystia-security@framalistes.org