Vulnerability CVE-2020-36241

Vulnerability Name:

CVE-2020-36241 (CCN-196330)

Assigned:

2020-11-06

Published:

2020-11-06

Updated:

2022-04-08

Summary:

autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.

CVSS v3 Severity:

5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

3.9 Low (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)
3.4 Low (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Complete Availibility (A): None

Vulnerability Type:

CWE-22
CWE-59

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2020-36241

Source: XF
Type: UNKNOWN
gnome-cve202036241-dir-traversal(196330)

Source: MISC
Type: Patch, Vendor Advisory
https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/adb067e645732fdbe7103516e506d09eb6a54429

Source: CCN
Type: GNOME GIT Repository
A malicious archive may be able to overwrite arbitrary files

Source: MISC
Type: Exploit, Issue Tracking, Vendor Advisory
https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/7

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-303f6623fa

Source: GENTOO
Type: Third Party Advisory
GLSA-202105-10

Source: CCN
Type: IBM Security Bulletin 6551876 (Cloud Pak for Security)
Cloud Pak for Security uses packages that are vulnerable to multiple CVEs

Vulnerable Configuration:

Configuration 1:

cpe:/a:gnome:gnome-autoar:*:*:*:*:*:*:*:* (Version <= 0.2.4)

Configuration 2:

cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:

cpe:/a:gnome:gnome-autoar:0.2.4:*:*:*:*:*:*:*

AND

cpe:/a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7893	P	gnome-autoar-devel-0.4.1-150400.1.10 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:3275	P	libvdpau1-1.1.1-6.73 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94828	P	skopeo-0.1.41-4.11.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94905	P	gnome-autoar-devel-0.4.1-150400.1.10 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:1661	P	Security update for python-Twisted (Moderate)	2022-04-29
oval:org.opensuse.security:def:112309	P	gnome-autoar-devel-0.4.0-1.3 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:101541	P	Security update for java-11-openjdk (Important)	2021-11-16
oval:com.redhat.rhsa:def:20214381	P	RHSA-2021:4381: GNOME security, bug fix, and enhancement update (Moderate)	2021-11-09
oval:org.opensuse.security:def:105831	P	gnome-autoar-devel-0.4.0-1.3 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:62750	P	gnome-autoar-devel-0.2.3-3.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101156	P	gnome-autoar-devel-0.2.3-3.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72469	P	gnome-autoar-devel-0.2.3-3.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:111255	P	Security update for gnome-autoar (Moderate)	2021-03-06
oval:org.opensuse.security:def:97260	P	Security update for gnome-autoar (Moderate)	2021-03-02
oval:org.opensuse.security:def:4183	P	Security update for gnome-autoar (Moderate)	2021-03-02
oval:org.opensuse.security:def:108207	P	Security update for gnome-autoar (Moderate)	2021-03-02
oval:org.opensuse.security:def:117721	P	Security update for gnome-autoar (Moderate)	2021-03-02
oval:org.opensuse.security:def:65272	P	Security update for gnome-autoar (Moderate)	2021-03-02
oval:org.opensuse.security:def:74340	P	Security update for gnome-autoar (Moderate)	2021-03-02
oval:org.opensuse.security:def:61110	P	Security update for gnome-autoar (Moderate)	2021-03-01
oval:org.opensuse.security:def:6317	P	Security update for gnome-autoar (Moderate)	2021-03-01
oval:org.opensuse.security:def:35287	P	Security update for gnome-autoar (Moderate)	2021-03-01

BACK