CVE-2020-14352

A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories.
Path Traversal
CVSS 3.x Base Score

Provider  Type     Base Score  Atk. Vector  Atk. Complexity  Priv. Required  Vector
NIST      Primary  8 HIGH      NETWORK      LOW              LOW             CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS Score: Percentile 88%
Affected Products (NVD)
Vendor    Product         Version
redhat    librepo         x < 1.12.1
opensuse  backports_sle   15.0:sp2
opensuse  leap            15.2

x = Vulnerable software versions
Red Hat Enterprise Linux Releases

Red Hat Product   Release       Fixed Version        Status
librepo           RHEL 7        0:1.8.1-8.el7_9      fixed
librepo           RHEL 8        0:1.11.0-3.el8_2     fixed
librepo           RHEL 8.0 E4S  0:1.9.2-2.el8_0      fixed
librepo           RHEL 8.1 E4S  0:1.10.3-4.el8_1     fixed
librepo           RHEL 8.1 EUS  0:1.10.3-4.el8_1     fixed
librepo           RHEL 8.2 AUS  0:1.11.0-3.el8_2     fixed
librepo           RHEL 8.2 E4S  0:1.11.0-3.el8_2     fixed
librepo           RHEL 8.2 EUS  0:1.11.0-3.el8_2     fixed
librepo           RHEL 8.2 TUS  0:1.11.0-3.el8_2     fixed
librepo-devel     RHEL 7        0:1.8.1-8.el7_9      fixed
python-librepo    RHEL 7        0:1.8.1-8.el7_9      fixed
python3-librepo   RHEL 8        0:1.11.0-3.el8_2     fixed
python3-librepo   RHEL 8.0 E4S  0:1.9.2-2.el8_0      fixed
python3-librepo   RHEL 8.1 E4S  0:1.10.3-4.el8_1     fixed
python3-librepo   RHEL 8.1 EUS  0:1.10.3-4.el8_1     fixed
python3-librepo   RHEL 8.2 AUS  0:1.11.0-3.el8_2     fixed
python3-librepo   RHEL 8.2 E4S  0:1.11.0-3.el8_2     fixed
python3-librepo   RHEL 8.2 EUS  0:1.11.0-3.el8_2     fixed
python3-librepo   RHEL 8.2 TUS  0:1.11.0-3.el8_2     fixed