CVE-2019-13241 — Path Traversal in Flightcrew

CWE-22 — Path Traversal9 documents6 sources

Severity

7.8HIGHNVD

OSV5.5

EPSS

0.7%

top 27.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Flightcrew Project Flightcrew Debian Flightcrew Canonical Ubuntu Linux

Timeline

PublishedJul 4

Latest updateMay 24

Description

FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/flightcrew< flightcrew 0.7.2+dfsg-14 (bookworm)

▶Debianflightcrew_project/flightcrew< 0.7.2+dfsg-14+3

▶Ubuntuflightcrew_project/flightcrew< 0.7.2+dfsg-6ubuntu0.1+1

▶NVDflightcrew_project/flightcrew0.9.2

Also affects: Ubuntu Linux 16.04, 18.04, 18.10, 19.04

🔴Vulnerability Details

GHSA

GHSA-jff3-mqp2-2qvx: FlightCrew v0↗2022-05-24

▶

OSV

flightcrew vulnerabilities↗2019-07-15

▶

OSV

CVE-2019-13241: FlightCrew v0↗2019-07-04

▶

📋Vendor Advisories

Ubuntu

flightcrew vulnerabilities↗2019-07-15

▶

Debian

CVE-2019-13241: flightcrew - FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing at...↗2019

▶

💬Community

Bugzilla

CVE-2019-13241 FlightCrew: directory traversal allows to write arbitrary files [epel-7]↗2019-07-08

▶

Bugzilla

CVE-2019-13241 flightcrew: directory traversal allows to write arbitrary files↗2019-07-08

▶

Bugzilla

CVE-2019-13241 FlightCrew: directory traversal allows to write arbitrary files [fedora-all]↗2019-07-08

▶