CVE-2017-14804 - OpenCVE

The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Opensuse	Leap
Suse	Linux Enterprise Software Development Kit

Configuration 1 [-]

OR	cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp2::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp3::::::

Configuration 2 [-]

OR	cpe:2.3:o:opensuse:leap:42.2:::::::*
	cpe:2.3:o:opensuse:leap:42.3:::::::*

No data.

References

Link	Providers
https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00024.html
https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00025.html
https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00030.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: microfocus

Published: 2018-03-01T19:00:00Z

Updated: 2024-09-16T22:03:14.200Z

Reserved: 2017-09-27T00:00:00

Link: CVE-2017-14804

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-03-01T20:29:00.413

Modified: 2023-11-07T02:39:13.180

Link: CVE-2017-14804

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "build", "vendor": "SUSE", "versions": [{"lessThanOrEqual": "20171128", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Marcus H\u00fcwe"}], "datePublic": "2017-12-08T00:00:00", "descriptions": [{"lang": "en", "value": "The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots."}], "exploits": [{"lang": "en", "value": "Can be found in https://bugzilla.suse.com/show_bug.cgi?id=1069904"}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Insufficient pathname checking could use to bypass directory restrictions.", "lang": "en", "type": "text"}]}, {"descriptions": [{"cweId": "CWE-22", "description": "CWE-22", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:15:51", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"name": "SUSE-SU-2017:3253", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00024.html"}, {"name": "SUSE-SU-2018:0065", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00030.html"}, {"name": "openSUSE-SU-2017:3259", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00025.html"}], "source": {"advisory": "https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00024.html", "defect": ["https://bugzilla.suse.com/show_bug.cgi?id=1069904"], "discovery": "EXTERNAL"}, "title": "package builds could use directory traversal to write outside of target area", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "DATE_PUBLIC": "2017-12-08T00:00:00.000Z", "ID": "CVE-2017-14804", "STATE": "PUBLIC", "TITLE": "package builds could use directory traversal to write outside of target area"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "build", "version": {"version_data": [{"affected": "<=", "version_affected": "<=", "version_value": "20171128"}]}}]}, "vendor_name": "SUSE"}]}}, "credit": [{"lang": "eng", "value": "Marcus H\u00fcwe"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots."}]}, "exploit": [{"lang": "en", "value": "Can be found in https://bugzilla.suse.com/show_bug.cgi?id=1069904"}], "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insufficient pathname checking could use to bypass directory restrictions."}]}, {"description": [{"lang": "eng", "value": "CWE-22"}]}]}, "references": {"reference_data": [{"name": "SUSE-SU-2017:3253", "refsource": "SUSE", "url": "https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00024.html"}, {"name": "SUSE-SU-2018:0065", "refsource": "SUSE", "url": "https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00030.html"}, {"name": "openSUSE-SU-2017:3259", "refsource": "SUSE", "url": "https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00025.html"}]}, "source": {"advisory": "https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00024.html", "defect": ["https://bugzilla.suse.com/show_bug.cgi?id=1069904"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:34:39.942Z"}, "title": "CVE Program Container", "references": [{"name": "SUSE-SU-2017:3253", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00024.html"}, {"name": "SUSE-SU-2018:0065", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00030.html"}, {"name": "openSUSE-SU-2017:3259", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00025.html"}]}]}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2017-14804", "datePublished": "2018-03-01T19:00:00Z", "dateReserved": "2017-09-27T00:00:00", "dateUpdated": "2024-09-16T22:03:14.200Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*", "matchCriteriaId": "D41A798E-0D69-43C7-9A63-1E5921138EAC", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp2:*:*:*:*:*:*", "matchCriteriaId": "5F150BD9-4B94-42D3-9E14-58665B7FF220", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp3:*:*:*:*:*:*", "matchCriteriaId": "B779A4B4-0721-4F4C-B3BD-C640BEAB2463", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "matchCriteriaId": "1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots."}, {"lang": "es", "value": "El paquete de build anterior a 20171128 no comprob\u00f3 nombres de directorio durante la extracci\u00f3n de resultados de build que permit\u00edan que builds no fiables escribiesen en el sistema objetivo. Esto provocaba el escape fuera de los buildroots."}], "id": "CVE-2017-14804", "lastModified": "2023-11-07T02:39:13.180", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2018-03-01T20:29:00.413", "references": [{"source": "security@opentext.com", "url": "https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00024.html"}, {"source": "security@opentext.com", "url": "https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00025.html"}, {"source": "security@opentext.com", "url": "https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00030.html"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@opentext.com", "type": "Secondary"}]}