CVE-2011-1586External Control of File Name or Path in SC

CWE-73External Control of File Name or PathCWE-22Path Traversal6 documents6 sources
Severity
5.8MEDIUMNVD
EPSS
0.8%
top 25.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
KDE SC
Timeline
PublishedApr 27
Latest updateMay 17

Description

Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000.

CVSS vector

AV:N/AC:M/C:N/I:P/A:PExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

NVDkde/kde_sc4.6.2+43

Patches

Patch: websvn.kde.orgPatch: websvn.kde.orgPatch: websvn.kde.org

🔴Vulnerability Details

2
GHSA
GHSA-w8p8-fqqv-v8w8: Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker2022-05-17
CVEList
CVE-2011-1586: Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker2011-04-27

📋Vendor Advisories

2
Ubuntu
KDENetwork vulnerability2011-04-18
Red Hat
kdenetwork: incomplete fix for CVE-2010-10002011-04-11

💬Community

1
Bugzilla
CVE-2011-1586 kdenetwork: incomplete fix for CVE-2010-10002011-04-15
CVE-2011-1586 — External Control of File Name or Path | cvebase