Main Vulnerability Database SB2020052401

SB2020052401 - OpenSUSE Linux update for ant

Published: May 24, 2020

Security Bulletin ID SB2020052401

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper input validation (CVE-ID: CVE-2018-10886)

The vulnerability allows a remote attacker to create or overwrite arbitrary files on the target system.

The vulnerability exists due to the affected software allows archive files to be extracted outside of the target directory. A remote unauthenticated attacker can submit a specially crafted ZIP or TAR archive to an Ant build, trick the victim into extracting it, cause a file to be created outside the current working directory on the system and create or overwrite arbitrary files.

Remediation

Install update from vendor's website.

References

https://lists.opensuse.org/opensuse-security-announce/2020-05/msg00055.html