Lucene search

K
cvelistGitHub_MCVELIST:CVE-2023-46122
HistoryOct 23, 2023 - 3:51 p.m.

CVE-2023-46122 Arbitrary file write via archive extraction (Zip Slip) vulnerability in sbt

2023-10-2315:51:02
CWE-22
GitHub_M
www.cve.org
9
cve-2023-46122
zip slip
sbt
java
scala
io.unzip
pullremotecache
resolvers.remote
custom tasks
patch
version 1.9.7

CVSS3

3.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

EPSS

0.001

Percentile

21.0%

sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, IO.unzip allows writing of arbitrary file. This would have potential to overwrite /root/.ssh/authorized_keys. Within sbt’s main code, IO.unzip is used in pullRemoteCache task and Resolvers.remote; however many projects use IO.unzip(...) directly to implement custom tasks. This vulnerability has been patched in version 1.9.7.

CNA Affected

[
  {
    "vendor": "sbt",
    "product": "sbt",
    "versions": [
      {
        "version": ">= 0.3.4, < 1.9.7",
        "status": "affected"
      }
    ]
  }
]

CVSS3

3.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

EPSS

0.001

Percentile

21.0%