The hosts list used by WebYaST for connecting to it’s back
end part was modifiable allowing to point to a malicious
website which then could access all values sent by WebYaST.
The /host configuration path was removed to fix this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
WebYaST | 1.2 | noarch | webyast-base-ui | < 0.2.63-0.6.1 | webyast-base-ui-0.2.63-0.6.1.noarch.rpm |
SUSE Studio Standard Edition | 1.2 | noarch | webyast-base-ui | < 0.2.63-0.6.1 | webyast-base-ui-0.2.63-0.6.1.noarch.rpm |
WebYaST | 1.2 | noarch | webyast-base-ui-branding-default | < 0.2.63-0.6.1 | webyast-base-ui-branding-default-0.2.63-0.6.1.noarch.rpm |
WebYaST | 1.2 | noarch | webyast-base-ui-testsuite | < 0.2.63-0.6.1 | webyast-base-ui-testsuite-0.2.63-0.6.1.noarch.rpm |