CVE-2020-29050 — Path Traversal in Sphinxsearch

CWE-22 — Path Traversal4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.7%

top 27.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Sphinxsearch Sphinxsearch Sphinx Debian Linux

Timeline

PublishedJan 10

Latest updateJan 11

Description

SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶debiandebian/sphinxsearch< sphinxsearch 2.2.11-3 (bookworm)

▶NVDsphinxsearch/sphinx3.1.1

Also affects: Debian Linux 9.0

🔴Vulnerability Details

GHSA

GHSA-4g2j-rgw2-wmrw: SphinxSearch in Sphinx Technologies Sphinx through 3↗2022-01-11

▶

OSV

CVE-2020-29050: SphinxSearch in Sphinx Technologies Sphinx through 3↗2022-01-10

▶

📋Vendor Advisories

Debian

CVE-2020-29050: sphinxsearch - SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traver...↗2020

▶