* [pve-devel] SPAM: [Security] Arbitrary file reading via malicious VM config
@ 2024-11-27 0:14 James Brown via pve-devel
2024-11-27 0:40 ` [pve-devel] SPAM: [Security] Arbitrary file reading via maliciousVM config James Brown via pve-devel
0 siblings, 1 reply; 2+ messages in thread
From: James Brown via pve-devel @ 2024-11-27 0:14 UTC (permalink / raw)
To: Fabio Fantoni via pve-devel; +Cc: James Brown
[-- Attachment #1: Type: message/rfc822, Size: 5314 bytes --]
From: "James Brown" <randomvoidmail@foxmail.com>
To: "Fabio Fantoni via pve-devel" <pve-devel@lists.proxmox.com>
Subject: SPAM: [Security] Arbitrary file reading via malicious VM config
Date: Wed, 27 Nov 2024 08:14:28 +0800
Message-ID: <tencent_C3D2C670AE0CC99C45BA8C83853D3BDE0205@qq.com>
I suspect a security flaw within ESXi VM import. If a malicious actor forges a VMWare VM config with root paths such as /var/log/auth.log, could lead to potential data leak if the import task is executed.
[-- Attachment #2: Type: text/plain, Size: 160 bytes --]
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-11-27 0:41 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-11-27 0:14 [pve-devel] SPAM: [Security] Arbitrary file reading via malicious VM config James Brown via pve-devel
2024-11-27 0:40 ` [pve-devel] SPAM: [Security] Arbitrary file reading via maliciousVM config James Brown via pve-devel
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox