CVE-2018-1000079

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6.

CVSS v3.0 5.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector : AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/rubygems/rubygems/commit/f83f911e19e27cbac1ccce7471d96642241dd759	Patch Third Party Advisory
https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099	Patch Third Party Advisory
http://blog.rubygems.org/2018/02/15/2.7.6-released.html	Vendor Advisory
https://usn.ubuntu.com/3621-1/
https://www.debian.org/security/2018/dsa-4219
https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
https://www.debian.org/security/2018/dsa-4259
https://access.redhat.com/errata/RHSA-2018:3731
https://access.redhat.com/errata/RHSA-2018:3730
https://access.redhat.com/errata/RHSA-2018:3729
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
https://access.redhat.com/errata/RHSA-2019:2028
https://access.redhat.com/errata/RHSA-2020:0542
https://access.redhat.com/errata/RHSA-2020:0591
https://access.redhat.com/errata/RHSA-2020:0663

Configurations

Configuration 1 (hide)

cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*

Information

Published : 2018-03-13 08:29

Updated : 2018-11-30 03:29

NVD link : CVE-2018-1000079

Mitre link : CVE-2018-1000079

JSON object : View

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Products Affected

rubygems

rubygems

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/rubygems/rubygems/commit/f83f911e19e27cbac1ccce7471d96642241dd759", "name": "https://github.com/rubygems/rubygems/commit/f83f911e19e27cbac1ccce7471d96642241dd759", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099", "name": "https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "http://blog.rubygems.org/2018/02/15/2.7.6-released.html", "name": "http://blog.rubygems.org/2018/02/15/2.7.6-released.html", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "https://usn.ubuntu.com/3621-1/", "name": "USN-3621-1", "tags": [], "refsource": "UBUNTU"}, {"url": "https://www.debian.org/security/2018/dsa-4219", "name": "DSA-4219", "tags": [], "refsource": "DEBIAN"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", "tags": [], "refsource": "MLIST"}, {"url": "https://www.debian.org/security/2018/dsa-4259", "name": "DSA-4259", "tags": [], "refsource": "DEBIAN"}, {"url": "https://access.redhat.com/errata/RHSA-2018:3731", "name": "RHSA-2018:3731", "tags": [], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2018:3730", "name": "RHSA-2018:3730", "tags": [], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2018:3729", "name": "RHSA-2018:3729", "tags": [], "refsource": "REDHAT"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", "name": "openSUSE-SU-2019:1771", "tags": [], "refsource": "SUSE"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2028", "name": "RHSA-2019:2028", "tags": [], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0542", "name": "RHSA-2020:0542", "tags": [], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0591", "name": "RHSA-2020:0591", "tags": [], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0663", "name": "RHSA-2020:0663", "tags": [], "refsource": "REDHAT"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-22"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2018-1000079", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}}, "publishedDate": "2018-03-13T15:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.2.9"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.3.6"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.4.3"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.5.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-11-30T11:29Z"}

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2018-1000079

5.5^/10

4.3^/10

Attach tags to `CVE-2018-1000079`