GitHub Advisory DatabaseGHSA-HPXR-W9W7-G4GVstereoscope vulnerable to tar path traversal when processing OCI tar archives
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
39.4%
Impact
It is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary directory. Specifically, use of github.com/anchore/stereoscope/pkg/file.UntarToDirectory() function, the github.com/anchore/stereoscope/pkg/image/oci.TarballImageProvider struct, or the higher level github.com/anchore/stereoscope/pkg/image.Image.Read() function express this vulnerability.
Patches
Patched in v0.0.1
Workarounds
If you are using the OCI archive as input into stereoscope then you can switch to using an OCI layout by unarchiving the tar archive and provide the unarchived directory to stereoscope.
References
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| anchore | stereoscope | * | cpe:2.3:a:anchore:stereoscope:*:*:*:*:*:go:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
39.4%