Vulnerability CVE-2020-36314

Vulnerability Name:

CVE-2020-36314 (CCN-199798)

Assigned:

2020-11-16

Published:

2020-11-16

Updated:

2021-06-03

Summary:

fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations.
Note: this issue exists because of an incomplete fix for CVE-2020-11736.

CVSS v3 Severity:

3.9 Low (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)
3.4 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): Low

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

3.9 Low (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)
3.4 Low (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

2.6 Low (CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-22

Vulnerability Consequences:

File Manipulation

References:

Source: MITRE
Type: CNA
CVE-2020-36314

Source: XF
Type: UNKNOWN
gnome-cve202036314-dir-traversal(199798)

Source: MISC
Type: Patch, Vendor Advisory
https://gitlab.gnome.org/GNOME/file-roller/-/commit/e970f4966bf388f6e7c277357c8b186c645683ae

Source: CCN
Type: GNOME GIT Repository
CVE-2020-36314: GNOME Archive Manager Traversal Attack

Source: MISC
Type: Exploit, Issue Tracking, Vendor Advisory
https://gitlab.gnome.org/GNOME/file-roller/-/issues/108

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-7109d72f07

Vulnerable Configuration:

Configuration 1:

cpe:/a:gnome:file-roller:*:*:*:*:*:*:*:* (Version <= 3.38.0)

Configuration 2:

cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7883	P	file-roller-3.40.0-150400.3.13 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:3266	P	libtcnative-1-0-1.2.23-3.3.3 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94896	P	file-roller-3.40.0-150400.3.13 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:112225	P	file-roller-3.40.0-3.2 on GA media (Moderate)	2022-01-17
oval:com.redhat.rhsa:def:20214179	P	RHSA-2021:4179: file-roller security update (Low)	2021-11-09
oval:org.opensuse.security:def:105755	P	file-roller-3.40.0-3.2 on GA media (Moderate)	2021-10-01

BACK