-
Type:
Bug
-
Status: Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 0.9.2-incubating
-
Fix Version/s: 0.9.2-incubating
-
Component/s: storm-core
-
Labels:
Note: This is actually version 0.9.0.1 but I couldn't choose that in the dropdown. I suspect that the problem still exists.
I found that it's possible to access any readable file on the system via the UI worker log viewer. To reproduce, navigate to:
http://<host:port>/log?file=../../../../../../../../etc/passwd