-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
None
-
None
-
Raspberry Pi4
-
Raspberry Pi 4
The "listfiles" command has a vulnerability that allows it to list directories and files.
If the path begins with '/', the list is rejected with 'Access denied',
but if the path begins with '..', the filter can be bypassed.
So, anyone can see the all files in the system.
It's a kind of information leak vulnerability.
I checked it in Raspberry Pi4 and the 16.92.0