Directory Traversal

🗓️ 15 Jan 2019 09:25:03Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 13 Views

redhat-virtualization-host vulnerable to directory traversal via reposync in yum-util

Reporter	Title	Published	Views	Family All 88
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM Application Framework v1 (CentOS6) is End of Life	14 Dec 202120:35	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in yum-utils affects PowerKVM	26 Sep 201817:50	–	ibm
Tenable Nessus	Amazon Linux 2 : yum-utils (ALAS-2018-1063)	24 Aug 201800:00	–	nessus
Tenable Nessus	Amazon Linux AMI : yum-utils (ALAS-2018-1057)	10 Aug 201800:00	–	nessus
Tenable Nessus	CentOS 6 : yum-utils (CESA-2018:2284)	10 Aug 201800:00	–	nessus
Tenable Nessus	CentOS 7 : yum-utils (CESA-2018:2285)	10 Aug 201800:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : yum-utils (EulerOS-SA-2018-1319)	27 Sep 201800:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP3 : yum-utils (EulerOS-SA-2018-1320)	27 Sep 201800:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.5.1 : yum-utils (EulerOS-SA-2018-1327)	26 Oct 201800:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.5.0 : yum-utils (EulerOS-SA-2018-1349)	26 Oct 201800:00	–	nessus

Vulners

Node

rpm yum-utilsMatch1.1.30_37.el6

rpm yum-utilsMatch1.1.30_40.el6

rpm yum-utilsMatch1.1.30_30.el6

rpm yum-utilsMatch1.1.30_10.el6

rpm yum-utilsMatch1.1.30_6.el6

rpm yum-utilsMatch1.1.30_41.el6

rpm yum-utilsMatch1.1.30_14.el6

rpm yum-utilsMatch1.1.26_11.el6

rpm yum-utilsMatch1.1.30_17.el6_5

redhat-release-virtualization-host redhat-release-virtualization-hostMatch4.2_4.3.el7

redhat-release-virtualization-host redhat-release-virtualization-hostMatch4.1_8.1.el7

redhat-release-virtualization-host redhat-release-virtualization-hostMatch4.1_4.1.el7

redhat-release-virtualization-host redhat-release-virtualization-hostMatch4.0_4.3.el7

redhat-release-virtualization-host redhat-release-virtualization-hostMatch4.1_7.0.el7

redhat-release-virtualization-host redhat-release-virtualization-hostMatch3.6_0.2.el7

redhat-release-virtualization-host redhat-release-virtualization-hostMatch4.1_10.5.el7

redhat-release-virtualization-host redhat-release-virtualization-hostMatch4.0_2.el7

redhat-release-virtualization-host redhat-release-virtualization-hostMatch4.2_5.1.el7

redhat-release-virtualization-host redhat-release-virtualization-hostMatch4.0_4.2.el7

redhat-release-virtualization-host redhat-release-virtualization-hostMatch3.6_0.3.el7

redhat-release-virtualization-host redhat-release-virtualization-hostMatch4.2_3.1.el7

redhat-release-virtualization-host redhat-release-virtualization-hostMatch4.0_6.1.el7

redhat-release-virtualization-host redhat-release-virtualization-hostMatch4.0_5.2.el7

redhat-release-virtualization-host redhat-release-virtualization-hostMatch4.1_2.1.el7

redhat-release-virtualization-host redhat-release-virtualization-hostMatch4.1_1.1.el7

redhat-release-virtualization-host redhat-release-virtualization-hostMatch4.1_5.0.el7

redhat-release-virtualization-host redhat-release-virtualization-hostMatch4.1_10.3.el7

redhat-release-virtualization-host redhat-release-virtualization-hostMatch4.0_4.el7

redhat-release-virtualization-host redhat-release-virtualization-hostMatch4.2_3.0.el7

redhat-release-virtualization-host redhat-release-virtualization-hostMatch4.1_11.0.el7

redhat-release-virtualization-host redhat-release-virtualization-hostMatch4.1_9.0.el7

redhat-release-virtualization-host redhat-release-virtualization-hostMatch4.1_6.0.el7

redhat-release-virtualization-host redhat-release-virtualization-hostMatch4.2_5.0.el7

redhat-release-virtualization-host redhat-release-virtualization-hostMatch4.1_3.3.el7

redhat-release-virtualization-host redhat-release-virtualization-hostMatch4.0_7.1.el7

imgbased imgbasedMatch0.9.27_0.1.el7ev

imgbased imgbasedMatch0.8.11_0.1.el7ev

imgbased imgbasedMatch0.9.41_0.1.el7ev

imgbased imgbasedMatch1.0.20_0.1.el7ev

imgbased imgbasedMatch0.9.51_0.1.el7ev

imgbased imgbasedMatch0.9.23_0.1.el7ev

imgbased imgbasedMatch0.9.54_0.1.el7ev

imgbased imgbasedMatch0.8.10_0.1.el7ev

imgbased imgbasedMatch1.0.17_0.1.el7ev

imgbased imgbasedMatch0.9.58_0.1.el7ev

imgbased imgbasedMatch0.9.49_0.1.el7ev

imgbased imgbasedMatch1.0.22_1.el7ev

imgbased imgbasedMatch0.8.5_0.1.el7ev

imgbased imgbasedMatch0.8.18_0.1.el7ev

imgbased imgbasedMatch0.9.47_0.1.el7ev

imgbased imgbasedMatch1.0.16_0.1.el7ev

imgbased imgbasedMatch0.8.4_1.el7ev

imgbased imgbasedMatch0.9.33_0.1.el7ev

imgbased imgbasedMatch0.8.16_0.1.el7ev

redhat-virtualization-host redhat-virtualization-hostMatch4.0_20161012.0.el7_2

redhat-virtualization-host redhat-virtualization-hostMatch4.1_20180126.0.el7_4

redhat-virtualization-host redhat-virtualization-hostMatch4.1_20180102.3.el7_4

redhat-virtualization-host redhat-virtualization-hostMatch4.2_20180813.0.el7_5

redhat-virtualization-host redhat-virtualization-hostMatch4.0_20161220.0.el7_3

redhat-virtualization-host redhat-virtualization-hostMatch4.1_20170616.0.el7_3

redhat-virtualization-host redhat-virtualization-hostMatch4.0_20161116.1.el7_3

redhat-virtualization-host redhat-virtualization-hostMatch4.0_20170201.0.el7_3

redhat-virtualization-host redhat-virtualization-hostMatch4.0_20160817.0.el7_2

redhat-virtualization-host redhat-virtualization-hostMatch4.1_20170924.0.el7_4

redhat-virtualization-host redhat-virtualization-hostMatch4.2_20180508.0.el7_5

redhat-virtualization-host redhat-virtualization-hostMatch4.2_20180518.2.el7_5

redhat-virtualization-host redhat-virtualization-hostMatch3.6_20180129.0.el7_3

redhat-virtualization-host redhat-virtualization-hostMatch4.1_20170808.0.el7_4

redhat-virtualization-host redhat-virtualization-hostMatch3.6_20170616.1.el7_3

redhat-virtualization-host redhat-virtualization-hostMatch4.1_20180410.1.el7_5

redhat-virtualization-host redhat-virtualization-hostMatch4.1_20180426.0.el7_5

redhat-virtualization-host redhat-virtualization-hostMatch4.1_20170522.0.el7_3

redhat-virtualization-host redhat-virtualization-hostMatch3.6_20180103.0.el7_3

redhat-virtualization-host redhat-virtualization-hostMatch4.1_20180314.0.el7_4

redhat-virtualization-host redhat-virtualization-hostMatch4.1_20171002.0.el7_4

redhat-virtualization-host redhat-virtualization-hostMatch4.1_20171207.0.el7_4

redhat-virtualization-host redhat-virtualization-hostMatch4.0_20170307.1.el7_3

redhat-virtualization-host redhat-virtualization-hostMatch4.1_20170816.2.el7_4

redhat-virtualization-host redhat-virtualization-hostMatch4.0_20160906.0.el7_2

redhat-virtualization-host redhat-virtualization-hostMatch4.1_20171101.0.el7_4

redhat-virtualization-host redhat-virtualization-hostMatch4.1_20170417.0.el7_3

redhat-virtualization-host redhat-virtualization-hostMatch3.6_20170424.0.el7_3

redhat-virtualization-host redhat-virtualization-hostMatch4.1_20170706.0.el7_3

redhat-virtualization-host redhat-virtualization-hostMatch4.1_20170914.1.el7_4

redhat-virtualization-host redhat-virtualization-hostMatch3.6_20180521.0.el7_3

redhat-virtualization-host redhat-virtualization-hostMatch4.1_20170421.0.el7_3

redhat-virtualization-host redhat-virtualization-hostMatch4.2_20180801.0.el7_5

redhat-virtualization-host redhat-virtualization-hostMatch4.0_20160919.0.el7_2

redhat-virtualization-host redhat-virtualization-hostMatch4.0_20170104.1.el7_3

Source	Link
securitytracker	www.securitytracker.com/id/1041594
access	www.access.redhat.com/security/updates/classification/
access	www.access.redhat.com/errata/RHSA-2018:2284
access	www.access.redhat.com/security/cve/CVE-2018-10897
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
github	www.github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c
github	www.github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c
github	www.github.com/rpm-software-management/yum-utils/pull/43
help	www.help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

13 Feb 2023 07:15Current

7.7High risk

Vulners AI Score7.7

CVSS 38.1 - 8.8

CVSS 29.3

EPSS0.02619