CVE-2023-7216 — Link Following in Redhat Enterprise Linux

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.3% (top 48.80%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 5

Description

A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files to be written in arbitrary directories through symlinks.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Exploitability: 1.8 | Impact: 3.4

Affected Packages: 0 packages

Also affects: Enterprise Linux 7.0, 8.0, 9.0

Vulnerability Details

OSV: CVE-2023-7216: A path traversal vulnerability was found in the CPIO utility (2024-02-05)
GHSA: GHSA-v9vx-4mxw-76j2: A path traversal vulnerability was found in the CPIO utility (2024-02-05)
CVEList: Cpio: extraction allows symlinks which enables remote command execution (2024-02-05)

Vendor Advisories

Red Hat: CPIO: extraction allows symlinks which enables Remote Command Execution (2024-02-05)