CVE-2023-7216 Vulnerability Details

CVE-2023-7216 Metadata Quick Info

CVE Published: 05/02/2024 | CVE Updated: 04/11/2024 | CVE Year: 2023
Source: redhat | Vendor: Red Hat | Product: Red Hat Enterprise Linux 6
Status: PUBLISHED

CVE-2023-7216 Description

A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files to be written in arbitrary directories through symlinks.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-22
CWE Name: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)
Source: Red Hat

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).