CVE-2021-3806

Опубликовано: 18 сент. 2021

Источник: nvd

CVSS3: 5.3

CVSS3: 5.9

CVSS2: 7.1

EPSS Низкий

Описание

A path traversal vulnerability on Pardus Software Center's "extractArchive" function could allow anyone on the same network to do a man-in-the-middle and write files on the system.

Ссылки

https://pentest.blog/pardus-21-linux-distro-remote-code-execution-0day-2021/
Exploit
Third Party Advisory
https://www.usom.gov.tr/bildirim/tr-21-0754
Third Party Advisory
https://pentest.blog/pardus-21-linux-distro-remote-code-execution-0day-2021/
Exploit
Third Party Advisory
https://www.usom.gov.tr/bildirim/tr-21-0754
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tubitak:pardus_software_center:*:*:*:*:*:*:*:*

Версия до 0.1.0 (исключая)

EPSS

Процентиль: 63%

0.00449

Низкий

5.3 Medium

CVSS3

5.9 Medium

CVSS3

7.1 High

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-83vh-mv8c-q8vm

CVSS3: 5.3

github

больше 3 лет назад

A path traversal vulnerability on Pardus Software Center's "extractArchive" function could allow anyone on the same network to do a man-in-the-middle and write files on the system.

EPSS

Процентиль: 63%

0.00449

Низкий

5.3 Medium

CVSS3

5.9 Medium

CVSS3

7.1 High

CVSS2

Дефекты

CWE-22