CVE-2018-1000073

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://blog.rubygems.org/2018/02/15/2.7.6-released.html	Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
https://access.redhat.com/errata/RHSA-2018:3729
https://access.redhat.com/errata/RHSA-2018:3730
https://access.redhat.com/errata/RHSA-2018:3731
https://access.redhat.com/errata/RHSA-2019:2028
https://access.redhat.com/errata/RHSA-2020:0542
https://access.redhat.com/errata/RHSA-2020:0591
https://access.redhat.com/errata/RHSA-2020:0663
https://github.com/rubygems/rubygems/commit/1b931fc03b819b9a0214be3eaca844ef534175e2	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html
https://usn.ubuntu.com/3621-1/
https://www.debian.org/security/2018/dsa-4219
https://www.debian.org/security/2018/dsa-4259
http://blog.rubygems.org/2018/02/15/2.7.6-released.html	Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
https://access.redhat.com/errata/RHSA-2018:3729
https://access.redhat.com/errata/RHSA-2018:3730
https://access.redhat.com/errata/RHSA-2018:3731
https://access.redhat.com/errata/RHSA-2019:2028
https://access.redhat.com/errata/RHSA-2020:0542
https://access.redhat.com/errata/RHSA-2020:0591
https://access.redhat.com/errata/RHSA-2020:0663
https://github.com/rubygems/rubygems/commit/1b931fc03b819b9a0214be3eaca844ef534175e2	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html
https://usn.ubuntu.com/3621-1/
https://www.debian.org/security/2018/dsa-4219
https://www.debian.org/security/2018/dsa-4259

Configurations

Configuration 1 (hide)

cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:39

Type	Values Removed	Values Added
References	~~() http://blog.rubygems.org/2018/02/15/2.7.6-released.html - Vendor Advisory~~	() http://blog.rubygems.org/2018/02/15/2.7.6-released.html - Vendor Advisory
References	~~() http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html -~~	() http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html -
References	~~() https://access.redhat.com/errata/RHSA-2018:3729 -~~	() https://access.redhat.com/errata/RHSA-2018:3729 -
References	~~() https://access.redhat.com/errata/RHSA-2018:3730 -~~	() https://access.redhat.com/errata/RHSA-2018:3730 -
References	~~() https://access.redhat.com/errata/RHSA-2018:3731 -~~	() https://access.redhat.com/errata/RHSA-2018:3731 -
References	~~() https://access.redhat.com/errata/RHSA-2019:2028 -~~	() https://access.redhat.com/errata/RHSA-2019:2028 -
References	~~() https://access.redhat.com/errata/RHSA-2020:0542 -~~	() https://access.redhat.com/errata/RHSA-2020:0542 -
References	~~() https://access.redhat.com/errata/RHSA-2020:0591 -~~	() https://access.redhat.com/errata/RHSA-2020:0591 -
References	~~() https://access.redhat.com/errata/RHSA-2020:0663 -~~	() https://access.redhat.com/errata/RHSA-2020:0663 -
References	~~() https://github.com/rubygems/rubygems/commit/1b931fc03b819b9a0214be3eaca844ef534175e2 - Patch, Third Party Advisory~~	() https://github.com/rubygems/rubygems/commit/1b931fc03b819b9a0214be3eaca844ef534175e2 - Patch, Third Party Advisory
References	~~() https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html -~~	() https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html -
References	~~() https://usn.ubuntu.com/3621-1/ -~~	() https://usn.ubuntu.com/3621-1/ -
References	~~() https://www.debian.org/security/2018/dsa-4219 -~~	() https://www.debian.org/security/2018/dsa-4219 -
References	~~() https://www.debian.org/security/2018/dsa-4259 -~~	() https://www.debian.org/security/2018/dsa-4259 -

Information

Published : 2018-03-13 15:29

Updated : 2024-11-21 03:39

NVD link : CVE-2018-1000073

Mitre link : CVE-2018-1000073

CVE.ORG link : CVE-2018-1000073

JSON object : View

Products Affected

rubygems

rubygems

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

{"id": "CVE-2018-1000073", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-03-13T15:29:00.427", "references": [{"url": "http://blog.rubygems.org/2018/02/15/2.7.6-released.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2018:3729", "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2018:3730", "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2018:3731", "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2028", "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0542", "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0591", "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0663", "source": "cve@mitre.org"}, {"url": "https://github.com/rubygems/rubygems/commit/1b931fc03b819b9a0214be3eaca844ef534175e2", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3621-1/", "source": "cve@mitre.org"}, {"url": "https://www.debian.org/security/2018/dsa-4219", "source": "cve@mitre.org"}, {"url": "https://www.debian.org/security/2018/dsa-4259", "source": "cve@mitre.org"}, {"url": "http://blog.rubygems.org/2018/02/15/2.7.6-released.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2018:3729", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2018:3730", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2018:3731", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2028", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0542", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0591", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0663", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/rubygems/rubygems/commit/1b931fc03b819b9a0214be3eaca844ef534175e2", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/3621-1/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.debian.org/security/2018/dsa-4219", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.debian.org/security/2018/dsa-4259", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6."}, {"lang": "es", "value": "Las versiones de RubyGems de la serie Ruby 2.2: 2.2.9 y anteriores, de la serie Ruby 2.3: 2.3.6 y anteriores, de la serie Ruby 2.4: 2.4.3 y anteriores, y de la serie Ruby 2.5: 2.5.0 y anteriores, anteriores a la revisi\u00f3n del trunk 62422 contiene una vulnerabilidad de salto de directorio en la funci\u00f3n install_location de package.rb que puede resultar en un salto de directorio al escribir en un basedir vinculado simb\u00f3licamente fuera del root. La vulnerabilidad parece haber sido solucionada en la versi\u00f3n 2.7.6."}], "lastModified": "2024-11-21T03:39:34.590", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BEE89FF0-0079-4DF5-ACFC-E1B5415E54F4", "versionEndIncluding": "2.2.9"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8080FB82-5445-4A17-9ECB-806991906E80", "versionEndIncluding": "2.3.6"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCBC38C5-781E-4998-877D-42265F1DBD05", "versionEndIncluding": "2.4.3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6ACE6376-2E27-4F56-9315-03367963DB09", "versionEndIncluding": "2.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

CVE-2018-1000073

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2018-1000073

7.5^/10

5.0^/10

Attach tags to `CVE-2018-1000073`