Lucene search

K

Veracode Vulnerability DatabaseVERACODE:42601

HistoryAug 07, 2023 - 5:59 a.m.

Directory Traversal

2023-08-0705:59:23

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

8

directory traversal

cargo

vulnerability

permissions

exploit

CVSS3

7.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

EPSS

0

Percentile

5.1%

rust is vulnerable to Directory Traversal. This vulnerability occurs when Cargo downloads a crate that contains files with 0777 permissions. If the user has write access to the Cargo directory, they could exploit this vulnerability to create or modify arbitrary files.

References

en.wikipedia.org/wiki/Umask

github.com/rust-lang/cargo/commit/d78bbf4bde3c6b95caca7512f537c6f9721426ff

github.com/rust-lang/cargo/pull/12443

github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87

github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2023-38497

lists.fedoraproject.org/archives/list/[email protected]/message/QGKE6PGM4HIQUHPJRBQAHMELINSGN4H4/

lists.fedoraproject.org/archives/list/[email protected]/message/QMEXGUGPW5OBSQA6URTBNDSU3RAEFOZ4/

secdb.alpinelinux.org/edge/main.yaml

www.rust-lang.org/policies/security

CVSS3

7.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

EPSS

0

Percentile

5.1%

Related for VERACODE:42601

oraclelinux2 nessus19 fedora2 github1 redhat5 osv8 ubuntu1 cve1 debiancve1 openvas4 almalinux2 alpinelinux1 rocky2 cvelist1 prion1 redhatcve1 nvd1 githubexploit1 redos1 ubuntucve1 cbl_mariner1 hackerone1 amazon1 gentoo1