PT-2018-3460 · Rust+2 · Rust+2

Published

2018-07-08

Updated

2024-06-15

CVE-2018-1000622

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Rust Programming Language rustdoc versions 0.8 through 1.27.0

Description: The issue is related to an uncontrolled search path element in rustdoc plugins, which can be exploited to execute arbitrary code locally as a different user. This can be done by using the --plugin flag without the --plugin-path flag.

Recommendations: For versions 0.8 through 1.27.0, update to version 1.27.1 to resolve the issue.

Fix

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-427

Related Identifiers

ALT-PU-2018-2345

BDU:2020-01729

CVE-2018-1000622

MGASA-2018-0318

OPENSUSE-SU-2018_3451-1

OPENSUSE-SU-2019:2203-1

OPENSUSE-SU-2019:2244-1

OPENSUSE-SU-2019:2294-1

OPENSUSE-SU-2019_2203-1

OPENSUSE-SU-2019_2244-1

OPENSUSE-SU-2019_2294-1

OPENSUSE-SU-2024:11359-1

OPENSUSE-SU-2024:11360-1

SUSE-RU-2019:0386-1

SUSE-SU-2018:3357-1

SUSE-SU-2018_3357-1

SUSE-SU-2019:2439-1

SUSE-SU-2019:2755-1

SUSE-SU-2019_2439-1

SUSE-SU-2019_2755-1

Affected Products

Alt Linux

Rust

Suse

PT-2018-3460 · Rust+2 · Rust+2

CVE-2018-1000622

Weakness Enumeration

Related Identifiers

Affected Products

References · 62