3.9 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
3.3 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P
file-roller is vulnerable to arbitrary file write. The vulnerability exists through a directory symlink pointing outside of the target directory.
CPE | Name | Operator | Version |
---|---|---|---|
file-roller | eq | 3.28.1__1.el8 | |
file-roller | eq | 3.28.1__2.el8 | |
file-roller | eq | 3.28.1__1.el8 | |
file-roller | eq | 3.28.1__2.el8 |
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/
access.redhat.com/errata/RHSA-2020:4820
access.redhat.com/security/updates/classification/#moderate
gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1a888924e45a0
lists.debian.org/debian-lts-announce/2020/04/msg00013.html
security.gentoo.org/glsa/202009-06
usn.ubuntu.com/4332-1/
usn.ubuntu.com/4332-2/
3.9 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
3.3 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P