The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | bacula | < 5.2.6+dfsg-4 | bacula_5.2.6+dfsg-4_all.deb |
Debian | 11 | all | bacula | < 5.2.6+dfsg-4 | bacula_5.2.6+dfsg-4_all.deb |
Debian | 10 | all | bacula | < 5.2.6+dfsg-4 | bacula_5.2.6+dfsg-4_all.deb |
Debian | 999 | all | bacula | < 5.2.6+dfsg-4 | bacula_5.2.6+dfsg-4_all.deb |
Debian | 13 | all | bacula | < 5.2.6+dfsg-4 | bacula_5.2.6+dfsg-4_all.deb |