Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-29529

Опубликовано: 03 дек. 2020
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/multicloud-manager-rhel8Affected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/openshift-hive-rhel8Affected
Red Hat Advanced Cluster Management for Kubernetes 2acmesolver-containerFixedRHSA-2021:116813.04.2021
Red Hat Advanced Cluster Management for Kubernetes 2acm-must-gather-containerFixedRHSA-2021:116813.04.2021
Red Hat Advanced Cluster Management for Kubernetes 2acm-operator-bundle-containerFixedRHSA-2021:116813.04.2021
Red Hat Advanced Cluster Management for Kubernetes 2application-ui-containerFixedRHSA-2021:116813.04.2021
Red Hat Advanced Cluster Management for Kubernetes 2cainjector-containerFixedRHSA-2021:116813.04.2021
Red Hat Advanced Cluster Management for Kubernetes 2cert-manager-controller-containerFixedRHSA-2021:116813.04.2021
Red Hat Advanced Cluster Management for Kubernetes 2cert-manager-webhook-containerFixedRHSA-2021:116813.04.2021
Red Hat Advanced Cluster Management for Kubernetes 2cert-policy-controller-containerFixedRHSA-2021:116813.04.2021

Показывать по

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-22
Дефект:
CWE-59
https://bugzilla.redhat.com/show_bug.cgi?id=1914238go-slug: partial protection against zip slip attacks

EPSS

Процентиль: 76%
0.00982
Низкий

7.5 High

CVSS3

Связанные уязвимости

CVSS3: 7.5
ubuntu
больше 4 лет назад

HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.

CVSS3: 7.5
nvd
больше 4 лет назад

HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.

CVSS3: 7.5
debian
больше 4 лет назад

HashiCorp go-slug up to 0.4.3 did not fully protect against directory ...

CVSS3: 7.5
github
больше 2 лет назад

Unsafe tar unpacking in HashiCorp go-slug

EPSS

Процентиль: 76%
0.00982
Низкий

7.5 High

CVSS3