CVE-2020-24654

Опубликовано: 02 сент. 2020

Источник: ubuntu

Приоритет: medium

CVSS2: 4.3

CVSS3: 3.3

Описание

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.

Релиз	Статус	Примечание
bionic	released	4:17.12.3-0ubuntu1.2
devel	released	4:20.08.1-0ubuntu1
esm-apps/bionic	released	4:17.12.3-0ubuntu1.2
esm-apps/focal	released	4:19.12.3-0ubuntu1.2
esm-apps/xenial	released	4:15.12.3-0ubuntu1.2
esm-infra-legacy/trusty	DNE
focal	released	4:19.12.3-0ubuntu1.2
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE

Показывать по

Ссылки на источники

4.3 Medium

CVSS2

3.3 Low

CVSS3

Связанные уязвимости

CVE-2020-24654

CVSS3: 3.3

redhat

больше 5 лет назад

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.

CVE-2020-24654

CVSS3: 3.3

nvd

больше 5 лет назад

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.

CVE-2020-24654

CVSS3: 3.3

debian

больше 5 лет назад

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can ins ...

openSUSE-SU-2020:1310-2

suse-cvrf

больше 5 лет назад

Security update for ark

openSUSE-SU-2020:1310-1

suse-cvrf

больше 5 лет назад

Security update for ark

4.3 Medium

CVSS2

3.3 Low

CVSS3

CVE-2020-24654

Описание

Пакет ark

Ссылки на источники

Связанные уязвимости