A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files to be written in arbitrary directories through symlinks.
Metrics
Affected Vendors & Products
References
History
Thu, 19 Sep 2024 06:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-02-05T15:12:17.193Z
Updated: 2024-09-19T05:45:38.890Z
Reserved: 2024-01-05T14:21:24.756Z
Link: CVE-2023-7216
Vulnrichment
No data.
NVD
Status : Modified
Published: 2024-02-05T15:15:08.903
Modified: 2024-09-19T06:15:02.437
Link: CVE-2023-7216
Redhat