CVE-2020-7667 - OpenCVE

In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading ".." which leads in file extraction outside of the current directory. Note: the fixing commit was applied to all affected versions which were re-released.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sas	Go Rpm Utils

Configuration 1 [-]

cpe:2.3:a:sas:go_rpm_utils:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/sassoftware/go-rpmutils/commit/a64058cf21b8aada501bba923c9aab66fb6febf0
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSASSOFTWAREGORPMUTILSCPIO-570427

History

No history.

MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2020-06-24T12:00:15.519943Z

Updated: 2024-09-17T02:48:08.483Z

Reserved: 2020-01-21T00:00:00

Link: CVE-2020-7667

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-06-24T12:15:12.677

Modified: 2021-12-21T01:10:26.120

Link: CVE-2020-7667

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "github.com/sassoftware/go-rpmutils/cpio", "vendor": "n/a", "versions": [{"lessThan": "0.1.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Georgios Gkitsas of Snyk Security Team"}], "datePublic": "2020-06-24T00:00:00", "descriptions": [{"lang": "en", "value": "In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading \"..\" which leads in file extraction outside of the current directory. Note: the fixing commit was applied to all affected versions which were re-released."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Arbitrary File Write via Archive Extraction (Zip Slip)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-07T15:20:42", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSASSOFTWAREGORPMUTILSCPIO-570427"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/sassoftware/go-rpmutils/commit/a64058cf21b8aada501bba923c9aab66fb6febf0"}], "title": "Arbitrary File Write via Archive Extraction (Zip Slip)", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "DATE_PUBLIC": "2020-06-24T11:57:53.854416Z", "ID": "CVE-2020-7667", "STATE": "PUBLIC", "TITLE": "Arbitrary File Write via Archive Extraction (Zip Slip)"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "github.com/sassoftware/go-rpmutils/cpio", "version": {"version_data": [{"version_affected": "<", "version_value": "0.1.0"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "Georgios Gkitsas of Snyk Security Team"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading \"..\" which leads in file extraction outside of the current directory. Note: the fixing commit was applied to all affected versions which were re-released."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Arbitrary File Write via Archive Extraction (Zip Slip)"}]}]}, "references": {"reference_data": [{"name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSASSOFTWAREGORPMUTILSCPIO-570427", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSASSOFTWAREGORPMUTILSCPIO-570427"}, {"name": "https://github.com/sassoftware/go-rpmutils/commit/a64058cf21b8aada501bba923c9aab66fb6febf0", "refsource": "MISC", "url": "https://github.com/sassoftware/go-rpmutils/commit/a64058cf21b8aada501bba923c9aab66fb6febf0"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:41:01.346Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSASSOFTWAREGORPMUTILSCPIO-570427"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/sassoftware/go-rpmutils/commit/a64058cf21b8aada501bba923c9aab66fb6febf0"}]}]}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2020-7667", "datePublished": "2020-06-24T12:00:15.519943Z", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2024-09-17T02:48:08.483Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sas:go_rpm_utils:*:*:*:*:*:*:*:*", "matchCriteriaId": "F19A094B-7ED4-436C-A9DC-807B1D2A0889", "versionEndExcluding": "0.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading \"..\" which leads in file extraction outside of the current directory. Note: the fixing commit was applied to all affected versions which were re-released."}, {"lang": "es", "value": "En el paquete github.com/sassoftware/go-rpmutils/cpio anterior a la versi\u00f3n 0.1.0, la funcionalidad de extracci\u00f3n de CPIO, no sanea las rutas de los archivos archivados conduciendo o no \"..\", lo que conlleva a una extracci\u00f3n de archivos fuera del directorio actual. Nota: la confirmaci\u00f3n de la correcci\u00f3n fue aplicada a todas las versiones afectadas que se volvieron a publicar"}], "id": "CVE-2020-7667", "lastModified": "2021-12-21T01:10:26.120", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "report@snyk.io", "type": "Secondary"}]}, "published": "2020-06-24T12:15:12.677", "references": [{"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/sassoftware/go-rpmutils/commit/a64058cf21b8aada501bba923c9aab66fb6febf0"}, {"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSASSOFTWAREGORPMUTILSCPIO-570427"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}