CVE-2020-36628 - OpenCVE

A vulnerability classified as critical has been found in Calsign APDE. This affects the function handleExtract of the file APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java of the component ZIP File Handler. The manipulation leads to path traversal. Upgrading to version 0.5.2-pre2-alpha is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216747.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Android Processing Development Environment Project	Android Processing Development Environment

Configuration 1 [-]

OR	cpe:2.3:a:android_processing_development_environment_project:android_processing_development_environment::::::android::*
	cpe:2.3:a:android_processing_development_environment_project:android_processing_development_environment:0.5.2:pre1_alpha::::android::*

No data.

References

Link	Providers
https://github.com/Calsign/APDE/commit/c6d64cbe465348c1bfd211122d89e3117afadecf
https://github.com/Calsign/APDE/releases/tag/v0.5.2-pre2-alpha
https://vuldb.com/?id.216747

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2022-12-25T10:19:53.152Z

Updated: 2024-08-04T17:30:08.460Z

Reserved: 2022-12-24T10:40:32.917Z

Link: CVE-2020-36628

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-12-25T11:15:10.763

Modified: 2024-05-17T01:48:52.180

Link: CVE-2020-36628

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2020-36628", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2022-12-24T10:40:32.917Z", "datePublished": "2022-12-25T10:19:53.152Z", "dateUpdated": "2024-08-04T17:30:08.460Z"}, "containers": {"cna": {"title": "Calsign APDE ZIP File CopyBuildTask.java handleExtract path traversal", "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2022-12-25T10:19:53.152Z"}, "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "CWE-22 Path Traversal"}]}], "affected": [{"vendor": "Calsign", "product": "APDE", "versions": [{"version": "n/a", "status": "affected"}], "modules": ["ZIP File Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical has been found in Calsign APDE. This affects the function handleExtract of the file APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java of the component ZIP File Handler. The manipulation leads to path traversal. Upgrading to version 0.5.2-pre2-alpha is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216747."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in Calsign APDE entdeckt. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion handleExtract der Datei APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java der Komponente ZIP File Handler. Durch die Manipulation mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 0.5.2-pre2-alpha vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}], "timeline": [{"time": "2022-12-24T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2022-12-24T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2022-12-24T11:46:31.000Z", "lang": "en", "value": "VulDB last update"}], "references": [{"url": "https://vuldb.com/?id.216747", "tags": ["technical-description", "vdb-entry"]}, {"url": "https://github.com/Calsign/APDE/commit/c6d64cbe465348c1bfd211122d89e3117afadecf", "tags": ["mitigation"]}, {"url": "https://github.com/Calsign/APDE/releases/tag/v0.5.2-pre2-alpha", "tags": ["mitigation"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:30:08.460Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.216747", "tags": ["technical-description", "vdb-entry", "x_transferred"]}, {"url": "https://github.com/Calsign/APDE/commit/c6d64cbe465348c1bfd211122d89e3117afadecf", "tags": ["mitigation", "x_transferred"]}, {"url": "https://github.com/Calsign/APDE/releases/tag/v0.5.2-pre2-alpha", "tags": ["mitigation", "x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:android_processing_development_environment_project:android_processing_development_environment:*:*:*:*:*:android:*:*", "matchCriteriaId": "69E22EA1-7C82-4F29-8BC0-A642B063CBDC", "versionEndExcluding": "0.5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:android_processing_development_environment_project:android_processing_development_environment:0.5.2:pre1_alpha:*:*:*:android:*:*", "matchCriteriaId": "E8315D57-8F8F-431C-A74B-5523BA512004", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical has been found in Calsign APDE. This affects the function handleExtract of the file APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java of the component ZIP File Handler. The manipulation leads to path traversal. Upgrading to version 0.5.2-pre2-alpha is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216747."}, {"lang": "es", "value": "Una vulnerabilidad ha sido encontrada en Calsign APDE y clasificada como cr\u00edtica. Esto afecta a la funci\u00f3n handleExtract del archivo APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java del componente ZIP File Handler. La manipulaci\u00f3n conduce a path traversal. La actualizaci\u00f3n a la versi\u00f3n 0.5.2-pre2-alpha puede solucionar este problema. Se recomienda actualizar el componente afectado. El identificador asociado de esta vulnerabilidad es VDB-216747."}], "id": "CVE-2020-36628", "lastModified": "2024-05-17T01:48:52.180", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2022-12-25T11:15:10.763", "references": [{"source": "cna@vuldb.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Calsign/APDE/commit/c6d64cbe465348c1bfd211122d89e3117afadecf"}, {"source": "cna@vuldb.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/Calsign/APDE/releases/tag/v0.5.2-pre2-alpha"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.216747"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "cna@vuldb.com", "type": "Primary"}]}