CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
EPSS
Percentile: 5.1%
Rust is vulnerable to Directory Traversal. This vulnerability occurs when Cargo downloads a crate that contains files with 0777 permissions. If the user has write access to the Cargo directory, they could exploit this vulnerability to create or modify arbitrary files.
en.wikipedia.org/wiki/Umask
github.com/rust-lang/cargo/commit/d78bbf4bde3c6b95caca7512f537c6f9721426ff
github.com/rust-lang/cargo/pull/12443
github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87
github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2023-38497
lists.fedoraproject.org/archives/list/[email protected]/message/QGKE6PGM4HIQUHPJRBQAHMELINSGN4H4/
lists.fedoraproject.org/archives/list/[email protected]/message/QMEXGUGPW5OBSQA6URTBNDSU3RAEFOZ4/
secdb.alpinelinux.org/edge/main.yaml
www.rust-lang.org/policies/security