CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

AI Score
Confidence: High

EPSS
Percentile: 21.0%

sbt is vulnerable to Path Traversal. The vulnerability is a result of the absence of path sanitization in the IO.scala file. This oversight allows an attacker to access files outside the expected directory and write arbitrary files. An attacker can exploit this vulnerability by providing a maliciously crafted zip or JAR file through the /root/.ssh/authorized_keys if the IO.unzip is used in the pullRemoteCache task and Resolvers.remote