* [pve-devel] SPAM: [Security] Arbitrary file reading via malicious VM config
@ 2024-11-27 0:14 James Brown via pve-devel
2024-11-27 0:40 ` [pve-devel] SPAM: [Security] Arbitrary file reading via maliciousVM config James Brown via pve-devel
0 siblings, 1 reply; 2+ messages in thread
From: James Brown via pve-devel @ 2024-11-27 0:14 UTC (permalink / raw)
To: Fabio Fantoni via pve-devel; +Cc: James Brown
[-- Attachment #1: Type: message/rfc822, Size: 5314 bytes --]
From: "James Brown" <randomvoidmail@foxmail.com>
To: "Fabio Fantoni via pve-devel" <pve-devel@lists.proxmox.com>
Subject: SPAM: [Security] Arbitrary file reading via malicious VM config
Date: Wed, 27 Nov 2024 08:14:28 +0800
Message-ID: <tencent_C3D2C670AE0CC99C45BA8C83853D3BDE0205@qq.com>
I suspect a security flaw within ESXi VM import. If a malicious actor forges a VMWare VM config with root paths such as /var/log/auth.log, could lead to potential data leak if the import task is executed.
[-- Attachment #2: Type: text/plain, Size: 160 bytes --]
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [pve-devel] SPAM: [Security] Arbitrary file reading via maliciousVM config
2024-11-27 0:14 [pve-devel] SPAM: [Security] Arbitrary file reading via malicious VM config James Brown via pve-devel
@ 2024-11-27 0:40 ` James Brown via pve-devel
0 siblings, 0 replies; 2+ messages in thread
From: James Brown via pve-devel @ 2024-11-27 0:40 UTC (permalink / raw)
To: Proxmox VE development discussion; +Cc: James Brown
[-- Attachment #1: Type: message/rfc822, Size: 6065 bytes --]
From: "James Brown" <randomvoidmail@foxmail.com>
To: "Proxmox VE development discussion" <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] SPAM: [Security] Arbitrary file reading via maliciousVM config
Date: Wed, 27 Nov 2024 08:40:41 +0800
Message-ID: <tencent_34190E94319B774BBF70D0B31FC74F414A0A@qq.com>
This is not a spam.
---Original---
From: "James Brown via pve-devel"<pve-devel@lists.proxmox.com>
Date: Wed, Nov 27, 2024 08:31 AM
To: "Fabio Fantoni via pve-devel"<pve-devel@lists.proxmox.com>;
Cc: "James Brown"<randomvoidmail@foxmail.com>;
Subject: [pve-devel] SPAM: [Security] Arbitrary file reading via maliciousVM config
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[-- Attachment #2: Type: text/plain, Size: 160 bytes --]
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-11-27 0:41 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-11-27 0:14 [pve-devel] SPAM: [Security] Arbitrary file reading via malicious VM config James Brown via pve-devel
2024-11-27 0:40 ` [pve-devel] SPAM: [Security] Arbitrary file reading via maliciousVM config James Brown via pve-devel
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox