Veracode Vulnerability Database, VERACODE:43955
Oct 24, 2023 - 4:47 a.m.

Arbitrary File Write

2023-10-24 04:47:27
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
Tags: arbitrary file write, path traversal, io.scala, zip, jar, pullremotecache, resolvers.remote, software

CVSS3: 7.1 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

AI Score: 7.1 High (Confidence: High)
EPSS: 0.0004 Low (Percentile: 13.2%)

sbt is vulnerable to Path Traversal. The vulnerability results from the absence of path sanitization in the IO.scala file. This oversight allows an attacker to access files outside the expected directory and write arbitrary files. An attacker can exploit this vulnerability by providing a maliciously crafted zip or JAR file whose entries target a path such as /root/.ssh/authorized_keys, where IO.unzip is used in the pullRemoteCache task and Resolvers.remote.
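The missing check, as an added example that is not part of the advisory or of sbt's own code (sbt is written in Scala; this audit is in Python): it flags archive entries whose resolved path would land outside the extraction directory. The sample JAR is constructed in memory, and `unsafe_entries`, `build_sample_jar` and `DEST` are hypothetical names.

```python
import io
import os
import tempfile
import zipfile

# Hypothetical extraction directory; it does not need to exist for the check.
DEST = os.path.join(tempfile.gettempdir(), "unzip-demo")


def unsafe_entries(archive, dest_dir):
    """Return the entry names that would be written outside dest_dir."""
    root = os.path.realpath(dest_dir)
    bad = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            # Entry names use '/', but treat '\\' as a separator too so the
            # check stays conservative for extractors that honour it.
            name = info.filename.replace("\\", "/")
            # join() discards root when name is absolute; realpath() collapses '..'.
            target = os.path.realpath(os.path.join(root, name))
            # The common path equals root only when target stays inside root.
            if os.path.commonpath([root, target]) != root:
                bad.append(info.filename)
    return bad


def build_sample_jar():
    """Constructed sample: two benign entries and two that escape the root."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("lib/../ok.txt", "stays inside the root")
        zf.writestr("../../outside.txt", "relative traversal")
        zf.writestr("/root/.ssh/authorized_keys", "absolute path entry")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name in unsafe_entries(build_sample_jar(), DEST):
        print("refusing entry:", name)
```

An extractor that applies this check per entry and aborts on the first hit never opens a file outside the target directory.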
