Lucene search

K
ubuntuUbuntuUSN-4707-1
HistoryJan 28, 2021 - 12:00 a.m.

TCMU vulnerability

2021-01-2800:00:00
ubuntu.com
109

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

8.1

Confidence

High

EPSS

0.002

Percentile

54.2%

Releases

  • Ubuntu 20.10
  • Ubuntu 20.04 LTS

Packages

  • tcmu - TCM-Userspace backend

Details

It was discovered that TCMU lacked a check for transport-layer restrictions,
allowing remote attackers to read or write files via directory traversal in
an XCOPY request.

OSVersionArchitecturePackageVersionFilename
Ubuntu20.10noarchlibtcmu2< 1.5.2-5ubuntu0.20.10.1UNKNOWN
Ubuntu20.10noarchlibtcmu2-dbgsym< 1.5.2-5ubuntu0.20.10.1UNKNOWN
Ubuntu20.10noarchtcmu-runner< 1.5.2-5ubuntu0.20.10.1UNKNOWN
Ubuntu20.10noarchtcmu-runner-dbgsym< 1.5.2-5ubuntu0.20.10.1UNKNOWN
Ubuntu20.04noarchlibtcmu2< 1.5.2-5ubuntu0.20.04.1UNKNOWN
Ubuntu20.04noarchlibtcmu2-dbgsym< 1.5.2-5ubuntu0.20.04.1UNKNOWN
Ubuntu20.04noarchtcmu-runner< 1.5.2-5ubuntu0.20.04.1UNKNOWN
Ubuntu20.04noarchtcmu-runner-dbgsym< 1.5.2-5ubuntu0.20.04.1UNKNOWN

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

8.1

Confidence

High

EPSS

0.002

Percentile

54.2%