Vulnerability Name:

CVE-2020-8161 (CCN-184568)

Assigned: 2020-05-13
Published: 2020-05-13
Updated: 2023-02-02
Summary:
CVSS v3 Severity: 8.6 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
7.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): None
Availability (A): None
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): None
Availability (A): None
Vulnerability Consequences: Obtain Information
References:
Source: MITRE
Type: CNA
CVE-2020-8161

Source: XF
Type: UNKNOWN
rack-cve20208161-dir-traversal(184568)

Source: CCN
Type: rack GIT Repository
rack

Source: CCN
Type: Google Web site
[CVE-2020-8161] Directory traversal in Rack::Directory

Source: support@hackerone.com
Type: Mailing List, Patch, Third Party Advisory
support@hackerone.com

Source: support@hackerone.com
Type: Permissions Required, Third Party Advisory
support@hackerone.com

Source: support@hackerone.com
Type: Mailing List, Third Party Advisory
support@hackerone.com

Source: support@hackerone.com
Type: Mailing List, Third Party Advisory
support@hackerone.com

Source: support@hackerone.com
Type: Third Party Advisory
support@hackerone.com

Vulnerable Configuration: Configuration CCN 1:
  • cpe:/a:rack_project:rack:2.0.7:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
Oval Definitions:

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.opensuse.security:def:776 | P | Security update for rubygem-rack (Moderate) | 2022-09-23 |
| oval:org.opensuse.security:def:20208161 | V | CVE-2020-8161 | 2022-05-22 |
| oval:org.opensuse.security:def:58026 | P | Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (Important) | 2021-10-18 |
| oval:org.opensuse.security:def:63195 | P | apache2-mod_nss-1.0.17-1.28 on GA media (Moderate) | 2021-09-21 |
| oval:org.opensuse.security:def:59532 | P | Security update for libesmtp (Important) | 2021-09-02 |
| oval:org.opensuse.security:def:59785 | P | Security update for openssl-1_0_0 (Important) | 2021-08-24 |
| oval:org.opensuse.security:def:63433 | P | liblcms2-2-32bit-2.9-3.3.1 on GA media (Moderate) | 2021-08-10 |
| oval:org.opensuse.security:def:63486 | P | libjpeg-turbo-1.5.3-5.15.7 on GA media (Moderate) | 2021-08-10 |
| oval:org.opensuse.security:def:62201 | P | libpoppler-cpp0-0.79.0-3.3.1 on GA media (Moderate) | 2021-08-09 |
| oval:org.opensuse.security:def:62743 | P | fontforge-20200314-3.3.1 on GA media (Moderate) | 2021-08-09 |
| oval:org.opensuse.security:def:57467 | P | Security update for xterm (Important) | 2021-06-18 |
| oval:org.opensuse.security:def:63064 | P | ntp-4.2.8p11-2.12 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:63536 | P | gimp-2.8.22-3.42 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:60275 | P | Security update for gstreamer-plugins-bad (Important) | 2021-06-07 |
| oval:org.opensuse.security:def:57918 | P | Security update for libxml2 (Important) | 2021-05-19 |
| oval:org.opensuse.security:def:57188 | P | Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important) | 2021-03-17 |
| oval:org.opensuse.security:def:62529 | P | gvim-8.0.1568-3.20 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:62397 | P | bubblewrap-0.2.0-1.49 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:63394 | P | xalan-j2-2.7.2-2.41 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:63298 | P | rarpd-s20161105-6.10 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:61927 | P | nfs-client-2.1.1-10.4.1 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:63571 | P | dia-0.97.3-2.32 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:61756 | P | gpg2-2.2.5-4.14.4 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:61733 | P | ecryptfs-utils-111-2.31 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:61732 | P | e2fsprogs-1.43.8-4.20.1 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:58336 | P | Security update for rubygem-rack (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:56810 | P | Security update for freerdp (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:60790 | P | Security update for ansible, ardana-ansible, ardana-cinder, ardana-glance, ardana-mq, ardana-nova, ardana-osconfig, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, grafana-natel-discrete-panel, openstack-cinder, openstack-monasca-installer, openstack-neutron, openstack-nova, python-Django, python-Flask-Cors, python-Pillow, python-ardana-packager, python-keystoneclient, python-keystonemiddleware, python-kombu, python-straight-plugin, python-urllib3, release-notes-suse-openstack-cloud, storm, storm-kit, venv-openstack-cinder, venv-openstack-swift (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:58261 | P | Security update for icu (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:56788 | P | Security update for atftp (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:60693 | P | Security update for mailman (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:57633 | P | Security update for postgresql94 (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:61033 | P | Security update for rubygem-rack (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:59374 | P | Security update for tomcat (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:58311 | P | Security update for python-ipaddress (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:56787 | P | Security update for wpa_supplicant (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:60575 | P | xorg-x11 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:60953 | P | Security update for squid (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:59352 | P | Security update for gcc9 (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:58230 | P | Security update for libvirt (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:57361 | P | Security update for glibc (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:61003 | P | Security update for MozillaFirefox (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:59351 | P | Security update for MozillaFirefox (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:58192 | P | Security update for gdb (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:60086 | P | Security update for adns (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:60912 | P | Security update for rubygem-haml (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:58118 | P | Security update for openssh (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:59968 | P | Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP2) (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:56950 | P | Security update for libxslt (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:60874 | P | Security update for squid (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:84486 | P | Security update for rubygem-rack (Moderate) | 2020-09-18 |
| oval:org.opensuse.security:def:88342 | P | Security update for rubygem-rack (Moderate) | 2020-09-18 |
| oval:org.opensuse.security:def:80971 | P | Security update for rubygem-rack (Moderate) | 2020-09-18 |
    rack_project rack 2.0.7