Описание
A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.
Отчет
In a containerized environment running SELinux in enforcing mode, such as Red Hat OpenShift Container Platform, this vulnerability does not allow an attacker to escape the boundary of a container. In this case no additional access is gained, there is an additional (but more complicated step) to look at files the user already has access to. The upstream project (Curl) also rated this CVE as Low, see link in External References. It is unlikely that Red Hat offerings are utilizing the SFTP feature of Curl, so the opportunity to exploit it may not exist. For those reasons Red Hat Product Security rates the impact as Low.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| .NET Core 3.1 on Red Hat Enterprise Linux | rh-dotnet31-curl | Out of support scope | ||
| Red Hat Enterprise Linux 6 | curl | Out of support scope | ||
| Red Hat Enterprise Linux 7 | curl | Fix deferred | ||
| Red Hat Enterprise Linux 8 | curl | Fix deferred | ||
| JBCS httpd 2.4.51.sp2 | curl | Fixed | RHSA-2023:3355 | 05.06.2023 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-curl | Fixed | RHSA-2023:3354 | 05.06.2023 |
| JBoss Core Services on RHEL 7 | jbcs-httpd24-curl | Fixed | RHSA-2023:3354 | 05.06.2023 |
| Red Hat Enterprise Linux 9 | curl | Fixed | RHSA-2023:6679 | 07.11.2023 |
| Red Hat Enterprise Linux 9 | curl | Fixed | RHSA-2023:6679 | 07.11.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
3.7 Low
CVSS3
Связанные уязвимости
A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.
A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.
A path traversal vulnerability exists in curl <8.0.0 SFTP implementati ...
A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.
EPSS
3.7 Low
CVSS3