Pi-hole Updates to Version 5.18, Fixes Critical "Authenticated Arbitrary File Read" Security Flaw
The Pi-hole team has released version 5.18 of its widely used network-wide ad-blocking software. The update addresses a critical vulnerability discovered in the gravity script, which previously allowed authenticated users to read any file on the system via the web interface. The flaw, identified as an "Authenticated Arbitrary File Read" with root privileges, posed a significant security risk.
To mitigate this issue, the new release restricts the gravity script's file reading capabilities. It can now only read local files that have explicit read permissions for all users on the system. This change prevents the vulnerability from being used to read sensitive files that are not meant to be readable by every user.
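The restriction described above can be sketched as follows. This is an added example, not Pi-hole's own code: the function name `may_read_local` and the sample files are assumptions, and it relies on GNU or BusyBox `stat -c` and `readlink -f`. It inspects only the file's own mode bits, not parent directories or ACLs.

```shell
#!/bin/sh
# Added example, not Pi-hole's code.
# A script running as root passes every `[ -r file ]` test, so the decision
# has to come from the file's mode bits, not from an access check.

# may_read_local PATH: succeed only if PATH resolves to a regular file
# whose mode grants read permission to "other" (all users).
may_read_local() {
    real=$(readlink -f -- "$1") || return 1      # follow symlinks to the real target
    [ -f "$real" ] || return 1                   # regular files only
    mode=$(stat -c '%a' -- "$real") || return 1  # octal mode, e.g. 644
    case $mode in
        *[4567]) return 0 ;;                     # last octal digit has the read bit
        *)       return 1 ;;
    esac
}

# Constructed sample files: one world-readable, one private,
# one symlink pointing at the private file, and one missing path.
demo() {
    d=$(mktemp -d) || return 1
    echo "0.0.0.0 ads.example" > "$d/list.txt"; chmod 644 "$d/list.txt"
    echo "secret" > "$d/private";               chmod 600 "$d/private"
    ln -s "$d/private" "$d/link.txt"
    for f in "$d/list.txt" "$d/private" "$d/link.txt" "$d/missing"; do
        if may_read_local "$f"; then
            echo "allow ${f##*/}"
        else
            echo "deny  ${f##*/}"
        fi
    done
    rm -rf "$d"
}
demo
```

Resolving the symlink before checking the mode matters: a link's own permissions say nothing about the file it points to.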
For a comprehensive view of all changes introduced in version 5.18, users can access the full changelog by comparing versions v5.17.3 to v5.18 on GitHub.