Skip to main content

Ark CVE-2020-16116

LOW
Path Traversal (CWE-22)
2020-08-03 cve@mitre.org
3.3
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.3 LOW
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 03, 2020 - 20:15 nvd
LOW 3.3

DescriptionNVD

In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.

AnalysisAI

In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Technical ContextAI

This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal. Affected products include: Kde Ark, Debian Debian Linux, Fedoraproject Fedora, Opensuse Leap, Canonical Ubuntu Linux. Version information: before 20.08.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.

Share

CVE-2020-16116 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy