Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-10897

Опубликовано: 01 авг. 2018
Источник: nvd
CVSS3: 8.8
CVSS3: 8.1
CVSS2: 9.3
EPSS Низкий

Описание

A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:rpm:yum-utils:*:*:*:*:*:*:*:*
Версия до 1.1.31 (включая)
Конфигурация 2

Одно из

cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 85%
0.02756
Низкий

8.8 High

CVSS3

8.1 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-59
CWE-22

Связанные уязвимости

ubuntu логотип

CVE-2018-10897

CVSS3: 8.1
ubuntu
больше 7 лет назад

A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.

redhat логотип

CVE-2018-10897

CVSS3: 8.8
redhat
больше 7 лет назад

A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.

debian логотип

CVE-2018-10897

CVSS3: 8.1
debian
больше 7 лет назад

A directory traversal issue was found in reposync, a part of yum-utils ...

github логотип

GHSA-48q2-62w2-89cw

CVSS3: 8.1
github
больше 3 лет назад

A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.

oracle-oval логотип

ELSA-2018-2285

oracle-oval
больше 7 лет назад

ELSA-2018-2285: yum-utils security update (IMPORTANT)

EPSS

Процентиль: 85%
0.02756
Низкий

8.8 High

CVSS3

8.1 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-59
CWE-22