Описание
When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which are valid characters for Ivy coordinates in general - it is possible the artifacts are stored outside of Ivy's local cache or repository or can overwrite different artifacts inside of the local cache. In order to exploit this vulnerability an attacker needs collaboration by the remote repository as Ivy will issue http requests containing ".." sequences and a "normal" repository will not interpret them as part of the artifact coordinates. Users of Apache Ivy 2.0.0 to 2.5.1 should upgrade to Ivy 2.5.1.
A flaw was found in Apache Ivy. This may allow an attacker to place artifacts inside and outside of Ivy's repository and overwrite artifacts that the user will use later.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| A-MQ Clients 2 | apache-ivy | Not affected | ||
| Migration Toolkit for Applications 6 | apache-ivy | Will not fix | ||
| Migration Toolkit for Runtimes | org.freemarker-freemarker-2.3.31.redhat_00001-1 | Will not fix | ||
| Red Hat Data Grid 8 | apache-ivy | Will not fix | ||
| Red Hat Enterprise Linux 7 | apache-ivy | Affected | ||
| Red Hat Fuse 7 | apache-ivy | Will not fix | ||
| Red Hat Integration Camel K 1 | apache-ivy | Affected | ||
| Red Hat Integration Camel Quarkus 1 | apache-ivy | Will not fix | ||
| Red Hat JBoss Data Grid 7 | apache-ivy | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 6 | apache-ivy | Out of support scope |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which are valid characters for Ivy coordinates in general - it is possible the artifacts are stored outside of Ivy's local cache or repository or can overwrite different artifacts inside of the local cache. In order to exploit this vulnerability an attacker needs collaboration by the remote repository as Ivy will issue http requests containing ".." sequences and a "normal" repository will not interpret them as part of the artifact coordinates. Users of Apache Ivy 2.0.0 to 2.5.1 should upgrade to Ivy 2.5.1.
Уявимость пакетного менеджера Apache Ivy, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю получить несанкционированный доступ к файловой системе
EPSS
7.5 High
CVSS3