Lucene search

GitHub Advisory DatabaseGHSA-4VHW-4RW7-JFPV

HistoryAug 25, 2021 - 8:49 p.m.

Path traversal in mozwire

2021-08-2520:49:02

CWE-22

GitHub Advisory Database

github.com

mozwire

directory traversal

file overwriting

rust

software

configuration files

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS

0.001

Percentile

42.1%

JSON

An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A …/ directory-traversal situation allows overwriting local files that have .conf at the end of the filename.

Affected configurations

Vulners

Node

mozwire_projectmozwireRange<0.5.0rust

VendorProductVersionCPE
mozwire_projectmozwire*cpe:2.3:a:mozwire_project:mozwire:*:*:*:*:*:rust:*:*

Vendor	Product	Version	CPE
mozwire_project	mozwire	*	cpe:2.3:a:mozwire_project:mozwire::::::rust::*

References

github.com/advisories/GHSA-4vhw-4rw7-jfpv

github.com/NilsIrl/MozWire/issues/14

github.com/NilsIrl/MozWire/pull/17/commits/dd0639bf2876773b66382f47285f7db701f628d9

nvd.nist.gov/vuln/detail/CVE-2020-35883

rustsec.org/advisories/RUSTSEC-2020-0030.html

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS

0.001

Percentile

42.1%

JSON

Related for GHSA-4VHW-4RW7-JFPV