CVE-2018-10897 — Link Following in Yum-utils
Severity
8.1HIGHNVD
EPSS
2.6%
top 14.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedAug 1
Latest updateMay 13
Description
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older…
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9
Affected Packages6 packages
Patches
🔴Vulnerability Details
2GHSA▶
GHSA-48q2-62w2-89cw: A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration file↗2022-05-13
CVEList▶
CVE-2018-10897: A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration file↗2018-08-01
📋Vendor Advisories
1💬Community
3Bugzilla▶
CVE-2018-10897 dnf-plugins-core: yum-utils: reposync: improper path validation may lead to directory traversal [fedora-all]↗2018-07-27
Bugzilla▶
CVE-2018-10897 yum-utils: reposync: improper path validation may lead to directory traversal [fedora-all]↗2018-07-12
Bugzilla▶
CVE-2018-10897 yum-utils: reposync: improper path validation may lead to directory traversal↗2018-07-11