Arbitrary File Overwrite Affecting github.com/thoughtworks/talisman/report Open this link in a new tab package, versions <1.6.0
Exploit Maturity
Proof of concept
Attack Complexity
Low
User Interaction
Required
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications-
snyk-id
SNYK-GOLANG-GITHUBCOMTHOUGHTWORKSTALISMANREPORT-598669
-
published
14 Aug 2020
-
disclosed
14 Aug 2020
-
credit
dcRUSTy
Introduced: 14 Aug 2020
CWE-22 Open this link in a new tabHow to fix?
Upgrade github.com/thoughtworks/talisman/report to version 1.6.0 or higher.
Overview
github.com/thoughtworks/talisman/report is a tool that installs a hook to your repository to ensure that potential secrets or sensitive information do not leave the developer's workstation.
Affected versions of this package are vulnerable to Arbitrary File Overwrite. When scanning a repository that includes a symlink under talisman_reports/data/report.json, talisman will overwrite the file pointed by the symlink.
PoC by dcRUSTy
- Execute
echo 123 > /tmp/data - Scan a repo with
talisman_reports/data/report.jsonsymlinked to/tmp/data - Run
talisman -s - Observe content of
/tmp/data