PT-2017-10736 · Chef · Mixlib-Archive
Publicado
2017-07-13
·
Atualizado
2022-05-13
·
CVE-2017-1000026
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
mixlib-archive versions 0.3.0 and older
Description
The issue allows attackers to perform a directory traversal attack, enabling them to overwrite arbitrary files by using
.. in tar archive entries. This can lead to unauthorized modifications of the system.Recommendations
For mixlib-archive versions 0.3.0 and older, update to a version newer than 0.3.0 to resolve the issue. As a temporary workaround, consider restricting the use of tar archive entries that contain
.. to minimize the risk of exploitation.Exploit
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Mixlib-Archive