Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
0.9.2-incubating
Description
Note: This is actually version 0.9.0.1 but I couldn't choose that in the dropdown. I suspect that the problem still exists.
I found that it's possible to access any readable file on the system via the UI worker log viewer. To reproduce, navigate to:
http://<host:port>/log?file=../../../../../../../../etc/passwd