// For flags

CVE-2010-1000

Gentoo Linux Security Advisory 201412-08

Severity Score

5.8
*CVSS v2

Exploit Likelihood

2.6%
*EPSS

Affected Versions

53
*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.

Vulnerabilidad de salto de directorio en KGet v2.4.2 en KDE SC v4.0.0 hasta v4.4.3, permite a atacantes remotos crear ficheros de su elección al utilizar caracteres .. (punto punto) en el atributo nombre de un elemento fichero en un fichero metalink.

This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2011. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-03-18 CVE Reserved
  • 2010-05-17 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
Affected Vendors, Products, and Versions (53)