CVE-2021-3907

Sažetak

OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine OctoRPKI is running on.

Reference

https://github.com/cloudflare/cfrpki/security/advisories/GHSA-cqh2-vc2f-q4fh
https://www.debian.org/security/2021/dsa-5033
https://www.debian.org/security/2022/dsa-5041
https://github.com/cloudflare/cfrpki/security/advisories/GHSA-3jhm-87m6-x959

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

01-02-2023 - 15:15

Objavljeno

11-11-2021 - 22:15