CVE-2020-29050
Debian Security Advisory 5036-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx.
SphinxSearch en Sphinx Technologies Sphinx versiones hasta 3.1.1, permite un salto de directorio (en conjunto con CVE-2019-14511) porque el cliente mysql puede ser usado para operaciones CALL SNIPPETS y load_file en una ruta completa (por ejemplo, un archivo en el directorio /etc). NOTA: esto no está relacionado con CMUSphinx
It was discovered that sphinxsearch, a fast standalone full-text SQL search engine, could allow arbitrary files to be read by abusing a configuration option.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-11-24 CVE Reserved
- 2022-01-07 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2025-04-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2022/01/msg00009.html | Mailing List |
|
| https://security-tracker.debian.org/tracker/CVE-2020-29050 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://blog.wirhabenstil.de/2019/08/19/sphinxsearch-0-0-0-09306-cve-2019-14511 | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sphinxsearch Search vendor "Sphinxsearch" | Sphinx Search vendor "Sphinxsearch" for product "Sphinx" | <= 3.1.1 Search vendor "Sphinxsearch" for product "Sphinx" and version " <= 3.1.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||