Published: 30/08/2020 Updated: 07/11/2023

CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8

CVSS v3 Base Score: 8 | Impact Score: 5.9 | Exploitability Score: 2.1

VMScore: 756

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

A flaw was found in librepo in versions prior to 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat librepo
opensuse leap 15.2
opensuse backports sle 15.0
fedoraproject fedora 31
fedoraproject fedora 32
fedoraproject fedora 33

Synopsis Important: librepo security update Type/Severity Security Advisory: Important Topic An update for librepo is now available for Red Hat Enterprise Linux 81 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...

Synopsis Important: librepo security update Type/Severity Security Advisory: Important Topic An update for librepo is now available for Red Hat Enterprise Linux 80 Update Services for SAP SolutionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...

Synopsis Low: OpenShift Virtualization 242 Images Type/Severity Security Advisory: Low Topic Red Hat OpenShift Virtualization release 242 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security im ...

Synopsis Moderate: librepo security update Type/Severity Security Advisory: Moderate Topic An update for librepo is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, wh ...

Synopsis Important: librepo security update Type/Severity Security Advisory: Important Topic An update for librepo is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...

Synopsis Low: OpenShift Container Platform 4340 security and bug fix update Type/Severity Security Advisory: Low Topic An update is now available for Red Hat OpenShift Container Platform 43Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring S ...

A flaw was found in librepo A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal This flaw could potentially result in system compromise via ...

CWE-22 http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00072.html https://bugzilla.redhat.com/show_bug.cgi?id=1866498 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00055.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OOMDEQBRJ7SO2QWL7H23G3VV2VSCUYOY/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33RX4P5R5YL4NZSFSE4NOX37X6YCXAS4/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XDMHVY7OMIJNSPVZ2GJWHT77Z5V3YJ55/https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2020:3749 https://alas.aws.amazon.com/AL2/ALAS-2020-1568.html

CVE-2020-14352

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect