ProxmoxVE/tools
Security Fix ab549baa1f security: Fix MITM RCE vulnerability in microcode scripts
- Changed Intel microcode download from HTTP to HTTPS
- Added --proto '=https' flag to curl to prevent protocol downgrade attacks
- Simplified output parameter from basename to direct variable reference
- Affects: tools/pve/microcode.sh (line 79) and tools/pve/pbs-microcode.sh (line 93)
- CVSS: 6.5 (Medium) - CWE-494, CWE-300, CWE-829
- Impact: Prevents network-path MITM attacks that could lead to root RCE

The AMD branch was already using HTTPS; this fix brings the Intel branch
to parity and closes the vulnerability reported in the security advisory.
2026-06-08 21:10:11 +02:00
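
A check in the spirit of this fix, added here as an example and not code from the ProxmoxVE repository: it scans a shell script for curl downloads that use cleartext HTTP or that lack the `--proto '=https'` pin. The function names, the finding labels and the `mirror.example` sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the ProxmoxVE repository): audit a shell script for
# curl downloads that a network-path attacker could tamper with.

# audit_curl: read a script on stdin and print "<line number>:<finding>"
# for every curl call that is fetched in cleartext or is not pinned to HTTPS.
audit_curl() {
  n=0
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    # Strip leading whitespace so indented comments are recognised.
    trimmed=${line#"${line%%[![:space:]]*}"}
    case $trimmed in
      \#*) continue ;;                       # full-line comment
    esac
    case $trimmed in
      *curl*) ;;                             # only curl invocations matter
      *) continue ;;
    esac
    case $trimmed in
      *http://*)
        # Cleartext download: content can be replaced in transit.
        echo "$n:cleartext-http" ;;
      *"--proto '=https'"*|*'--proto "=https"'*|*"--proto =https"*)
        ;;                                   # HTTPS only, pinned: no finding
      *https://*)
        # HTTPS URL, but curl is still allowed to use other protocols.
        echo "$n:missing-proto-pin" ;;
    esac
  done
}

# Constructed sample input; hostnames and file names are placeholders.
sample_script() {
  cat <<'EOF'
# download step (constructed sample, not the project's script)
curl -fsSL "http://mirror.example/pkg/example-microcode.deb" -o "$file"
curl -fsSL "https://mirror.example/pkg/example-microcode.deb" -o "$file"
curl -fsSL --proto '=https' "https://mirror.example/pkg/example-microcode.deb" -o "$file"
echo "done"
EOF
}

sample_script | audit_curl
```

The same function can be pointed at a real script with `audit_curl < path/to/script.sh`; an empty result means no curl line matched either finding.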