CVE-2019-5624
Rapid7 Metasploit Framework Zip Import Directory Traversal
Public Exploits: 3
Exploited in Wild: -
Descriptions
Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit. This issue affects: Rapid7 Metasploit Framework version 4.14.0 and prior versions.
Timeline
- 2019-01-07 CVE Reserved
- 2019-04-30 CVE Published
- 2019-05-02 First Exploit
- 2024-04-17 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
References (4)
URL | Date
---|---
https://github.com/VoidSec/CVE-2019-5624 | 2019-05-02
https://blog.doyensec.com/2019/04/24/rubyzip-bug.html | 2024-09-17
https://github.com/rapid7/metasploit-framework/pull/11716 | 2024-09-17
https://help.rapid7.com/metasploit/release-notes/archive/2019/04/#20190416 | 2023-02-01
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Rapid7 | Metasploit | <= 4.14.0 | - | Affected