Vulnerability CVE-2020-16116

Vulnerability Name:

CVE-2020-16116 (CCN-186231)

Assigned:

2020-07-30

Published:

2020-07-30

Updated:

2022-09-12

Summary:

In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.

CVSS v3 Severity:

3.3 Low (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
2.9 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-22

Vulnerability Consequences:

File Manipulation

References:

Source: MITRE
Type: CNA
CVE-2020-16116

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:1183

Source: XF
Type: UNKNOWN
ark-cve202016116-dir-traversal(186231)

Source: MISC
Type: Release Notes, Third Party Advisory
https://github.com/KDE/ark/commits/master

Source: CONFIRM
Type: Patch, Vendor Advisory
https://invent.kde.org/utilities/ark/-/commit/0df592524fed305d6fbe74ddf8a196bc9ffdb92f

Source: CCN
Type: KDE Project Security Advisory
Ark: maliciously crafted archive can install files outside the extraction directory

Source: CONFIRM
Type: Vendor Advisory
https://kde.org/info/security/advisory-20200730-1.txt

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20220520 [SECURITY] [DLA 3015-1] ark security update

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-e2fe8f0165

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-cac5ae9b6e

Source: GENTOO
Type: Third Party Advisory
GLSA-202008-03

Source: UBUNTU
Type: Patch, Third Party Advisory
USN-4461-1

Source: CONFIRM
Type: Third Party Advisory
https://www.debian.org/security/2020/dsa-4738

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-16116

Vulnerable Configuration:

Configuration 1:

cpe:/a:kde:ark:*:*:*:*:*:*:*:* (Version < 20.08.0)

Configuration 2:

cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:fedoraproject:fedora:31:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*

Configuration 4:

cpe:/o:opensuse:leap:15.1:*:*:*:*:*:*:*

OR cpe:/o:opensuse:leap:15.2:*:*:*:*:*:*:*

Configuration 5:

cpe:/o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

OR cpe:/o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

Configuration CCN 1:

cpe:/a:kde:ark:20.04.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:202016116	V	CVE-2020-16116	2022-06-30
oval:org.opensuse.security:def:111974	P	ark-21.08.1-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:64833	P	Security update for busybox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:64775	P	Security update for libcryptopp (Moderate)	2021-10-06
oval:org.opensuse.security:def:105536	P	ark-21.08.1-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:63228	P	openssh-fips-7.9p1-4.7 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:64566	P	Security update for spectre-meltdown-checker (Moderate)	2021-08-27
oval:org.opensuse.security:def:63425	P	lame-3.100-1.33 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63521	P	taglib-1.11.1-4.9.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:62806	P	libpango-1_0-0-32bit-1.44.7+11-1.25 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63025	P	nasm-2.14.02-3.4.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63018	P	jython-2.2.1-11.65 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63022	P	libtdsodbc0-1.1.36-3.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:64474	P	Security update for qemu (Important)	2021-04-16
oval:org.opensuse.security:def:64320	P	Security update for zstd (Moderate)	2021-04-08
oval:org.opensuse.security:def:64673	P	Security update for ldb (Important)	2021-03-24
oval:org.opensuse.security:def:64565	P	Security update for cups (Moderate)	2021-02-02
oval:org.opensuse.security:def:63050	P	python2-numpy-gnu-hpc-1.14.0-2.105 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62606	P	typelib-1_0-JavaScriptCore-4_0-2.24.1-3.24.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62605	P	texlive-12many-2017.133.0.0.3svn15878-6.18 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63287	P	memcached-1.5.6-4.5.30 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62629	P	fwupd-1.2.11-3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63085	P	ntp-4.2.8p13-4.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:74887	P	Security update for ant (Moderate)	2020-12-01
oval:org.opensuse.security:def:63978	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:63871	P	Security update for openssl-1_0_0 (Moderate)	2020-12-01
oval:org.opensuse.security:def:74540	P	Security update for ark (Moderate)	2020-12-01
oval:org.opensuse.security:def:64429	P	pam_yubico on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64945	P	Security update for python3 (Important)	2020-12-01
oval:org.opensuse.security:def:64218	P	bash on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:63651	P	Security update for qemu (Moderate)	2020-12-01
oval:org.opensuse.security:def:75020	P	Security update for ark (Moderate)	2020-12-01
oval:org.opensuse.security:def:64362	P	libopus0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64112	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:63724	P	Security update for glib2 (Important)	2020-12-01
oval:org.opensuse.security:def:74414	P	Security update for sqlite3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:64100	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:109694	P	Security update for ark (Moderate)	2020-08-12
oval:org.opensuse.security:def:103037	P	Security update for ark (Moderate)	2020-08-12
oval:org.opensuse.security:def:110164	P	Security update for ark (Moderate)	2020-08-12
oval:org.opensuse.security:def:93501	P	Security update for ark (Moderate)	2020-08-12
oval:org.opensuse.security:def:110715	P	Security update for ark (Moderate)	2020-08-12
oval:org.opensuse.security:def:96347	P	Security update for ark (Moderate)	2020-08-12
oval:org.opensuse.security:def:100214	P	Security update for ark (Moderate)	2020-08-12

BACK