CVE-2018-1000073
rubygems: Path traversal when writing to a symlinked basedir outside of the root
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6.
Las versiones de RubyGems de la serie Ruby 2.2: 2.2.9 y anteriores, de la serie Ruby 2.3: 2.3.6 y anteriores, de la serie Ruby 2.4: 2.4.3 y anteriores, y de la serie Ruby 2.5: 2.5.0 y anteriores, anteriores a la revisión del trunk 62422 contiene una vulnerabilidad de salto de directorio en la función install_location de package.rb que puede resultar en un salto de directorio al escribir en un basedir vinculado simbólicamente fuera del root. La vulnerabilidad parece haber sido solucionada en la versión 2.7.6.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-02-21 CVE Reserved
- 2018-03-13 CVE Published
- 2023-07-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
CAPEC
References (16)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/rubygems/rubygems/commit/1b931fc03b819b9a0214be3eaca844ef534175e2 | 2020-08-24 |
| URL | Date | SRC |
|---|---|---|
| http://blog.rubygems.org/2018/02/15/2.7.6-released.html | 2020-08-24 | |
| http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html | 2020-08-24 | |
| https://access.redhat.com/errata/RHSA-2018:3729 | 2020-08-24 | |
| https://access.redhat.com/errata/RHSA-2018:3730 | 2020-08-24 | |
| https://access.redhat.com/errata/RHSA-2018:3731 | 2020-08-24 | |
| https://access.redhat.com/errata/RHSA-2019:2028 | 2020-08-24 | |
| https://access.redhat.com/errata/RHSA-2020:0542 | 2020-08-24 | |
| https://access.redhat.com/errata/RHSA-2020:0591 | 2020-08-24 | |
| https://access.redhat.com/errata/RHSA-2020:0663 | 2020-08-24 | |
| https://usn.ubuntu.com/3621-1 | 2020-08-24 | |
| https://www.debian.org/security/2018/dsa-4219 | 2020-08-24 | |
| https://www.debian.org/security/2018/dsa-4259 | 2020-08-24 | |
| https://access.redhat.com/security/cve/CVE-2018-1000073 | 2020-03-03 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1547418 | 2020-03-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Rubygems Search vendor "Rubygems" | Rubygems Search vendor "Rubygems" for product "Rubygems" | <= 2.2.9 Search vendor "Rubygems" for product "Rubygems" and version " <= 2.2.9" | - |
Affected
| ||||||
| Rubygems Search vendor "Rubygems" | Rubygems Search vendor "Rubygems" for product "Rubygems" | <= 2.3.6 Search vendor "Rubygems" for product "Rubygems" and version " <= 2.3.6" | - |
Affected
| ||||||
| Rubygems Search vendor "Rubygems" | Rubygems Search vendor "Rubygems" for product "Rubygems" | <= 2.4.3 Search vendor "Rubygems" for product "Rubygems" and version " <= 2.4.3" | - |
Affected
| ||||||
| Rubygems Search vendor "Rubygems" | Rubygems Search vendor "Rubygems" for product "Rubygems" | <= 2.5.0 Search vendor "Rubygems" for product "Rubygems" and version " <= 2.5.0" | - |
Affected
| ||||||