CVE-2020-27833

Severity Score

7.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. The vulnerability is limited to the command `oc image extract`. If a symbolic link is first created pointing within the tarball, this allows further symbolic links to bypass the existing path check. This flaw allows the tarball to create links outside the tarball's parent directory, allowing for executables or configuration files to be overwritten, resulting in arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions up to and including openshift-clients-4.7.0-202104250659.p0.git.95881af are affected.

Se encontró una vulnerabilidad Zip Slip en el binario oc en openshift-clients donde es logrado una escritura de archivo arbitraria mediante el uso de una imagen de contenedor sin procesar especialmente diseñada (archivo .tar) que contiene enlaces simbólicos. La vulnerabilidad es limitada al comando "oc image extract". Si primero es creado un enlace simbólico apuntando dentro del tarball, esto permite a otros enlaces simbólicos omitir una comprobación de ruta existente. Este fallo permite al tarball crear enlaces fuera del directorio principal del tarball, permitiendo a archivos ejecutables o de configuración ser sobreescritos, resultando en una ejecución de código arbitrario. La mayor amenaza de esta vulnerabilidad es la confidencialidad, la integridad y la disponibilidad del sistema. Las versiones hasta e incluyendo openshift-clients-4.7.0-202104250659.p0.git.95881af están afectadas

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-10-27 CVE Reserved
2021-05-14 CVE Published
2023-03-08 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation
CWE-59: Improper Link Resolution Before File Access ('Link Following')

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2020-27833	2024-02-21
https://bugzilla.redhat.com/show_bug.cgi?id=1905945	2024-02-21

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"		Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform"				<= 4.7 Search vendor "Redhat" for product "Openshift Container Platform" and version " <= 4.7"		-		Affected