CVE-2019-8320
rubygems: Delete directory using symlink when decompressing tar
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files (which now include path-checking code for symlinks), it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could delete arbitrary files on the user's machine, presuming the attacker could guess at paths. Given how frequently gem is run as sudo, and how predictable paths are on modern systems (/tmp, /usr, etc.), this could likely lead to data loss or an unusable system.
Fue encontrado un problema de salto de directorio (Directory Traversal) en RubyGems versión 2.7.6 y posterior hasta la versión 3.0.2. Antes de crear nuevos directorios o tocar archivos (que ahora incluyen el código path-checking para symlinks), se suprimiría el destino apuntado. Si ese destino estaba oculto detrás de un symlink, una gema maliciosa podría suprimir archivos arbitrarios en la máquina del usuario, presumiendo que el atacante podría adivinar las paths. Dada la frecuencia con que la gema se ejecuta como sudo, y cómo son las paths predecibles en los sistemas modernos (/tmp, /usr, etc.), esto podría probablemente conducir a la pérdida de datos o a un sistema inutilizable.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-02-13 CVE Reserved
- 2019-04-12 CVE Published
- 2024-05-30 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html | Mailing List |
URL | Date | SRC |
---|---|---|
https://hackerone.com/reports/317321 | 2024-08-04 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Rubygems Search vendor "Rubygems" | Rubygems Search vendor "Rubygems" for product "Rubygems" | >= 2.7.6 <= 3.0.2 Search vendor "Rubygems" for product "Rubygems" and version " >= 2.7.6 <= 3.0.2" | - |
Affected
|