5.3 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
5.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
44.6%
A path traversal vulnerability was found in the CPIO utility. This issue
could allow a remote unauthenticated attacker to trick a user into opening
a specially crafted archive. During the extraction process, the archiver
could follow symlinks outside of the intended directory, which allows files
to be written in arbitrary directories through symlinks.
Author | Note |
---|---|
fabian | Upstream believes this is normal behavior. https://lists.gnu.org/archive/html/bug-cpio/2024-03/msg00000.html |
mdeslaur | deferring to see if CVE gets rejected |
5.3 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
5.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
44.6%