CVSS2: 5.8 Medium (AV:N/AC:M/Au:N/C:N/I:P/A:P)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

CVSS3: 5.5 Medium (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | HIGH |
Availability Impact | NONE |

AI Score: 5.9 Medium (Confidence: High)

EPSS: 0.0005 Low (Percentile: 18.1%)

Apache Storm versions 1.0.6 and earlier, 1.2.1 and earlier, and 1.1.2 and earlier expose an arbitrary file write vulnerability that can be triggered with a specially crafted zip archive holding path traversal filenames (other archive formats are affected as well: bzip2, tar, xz, war, cpio, 7z). When such a filename is concatenated to the target extraction directory, the final path ends up outside of the target folder.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | org.apache.storm:storm-core | lt | 1.0.7 |
| | org.apache.storm:storm-core | lt | 1.1.3 |
| | org.apache.storm:storm-core | lt | 1.2.2 |
www.securityfocus.com/bid/104418
github.com/advisories/GHSA-898j-5cc8-cmf5
github.com/apache/storm/commit/0fc6b522487c061f89e8cdacf09f722d3f20589
github.com/apache/storm/commit/efad4cca2d7d461f5f8c08a0d7b51fabeb82d0a
github.com/apache/storm/commit/f61e5daf299d6c37c7ad65744d02556c94a16a4
issues.apache.org/jira/browse/STORM-3052
lists.apache.org/thread.html/613b2fca8bcd0a3b12c0b763ea8f7cf62e422e9f79fce6cfa5b08a58@%3Cdev.storm.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2018-8008