CVE-2020-14352
librepo: missing path validation in repomd.xml may lead to directory traversal
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories.
Se encontró un fallo en librepo en versiones anteriores a 1.12.1. Se encontró una vulnerabilidad de salto de directorio en donde se produjo un fallo al sanear las rutas en los metadatos de un repositorio remoto. Un atacante que controla un repositorio remoto puede ser capaz de copiar archivos fuera del directorio de destino en el sistema objetivo por medio de un salto de ruta. Este fallo podría resultar potencialmente en un compromiso del sistema por medio de la sobrescritura de archivos críticos del sistema. La mayor amenaza de este fallo es para los usuarios que hacen uso de repositorios de terceros que no son de confianza
A flaw was found in librepo. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-06-17 CVE Reserved
- 2020-08-30 CVE Published
- 2024-07-21 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (7)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00072.html | 2023-11-07 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1866498 | 2020-11-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Librepo Search vendor "Redhat" for product "Librepo" | < 1.12.1 Search vendor "Redhat" for product "Librepo" and version " < 1.12.1" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Backports Sle Search vendor "Opensuse" for product "Backports Sle" | 15.0 Search vendor "Opensuse" for product "Backports Sle" and version "15.0" | sp2 |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.2 Search vendor "Opensuse" for product "Leap" and version "15.2" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 31 Search vendor "Fedoraproject" for product "Fedora" and version "31" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 32 Search vendor "Fedoraproject" for product "Fedora" and version "32" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||