CVSS2: 1.9 Low (AV:L/AC:M/Au:N/C:N/I:P/A:N)

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

CVSS3: 4.9 Medium (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | HIGH |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

AI Score: 6.7 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 15.7%)

Debian’s cpio contains a path traversal vulnerability. This issue was
introduced by reverting CVE-2015-1197 patches which had caused a regression
in --no-absolute-filenames. Upstream has since provided a proper fix to
--no-absolute-filenames.
Author | Note |
---|---|
ccdm94 | bionic and earlier are not affected by this issue as the CVE patch for CVE-2015-1197 was not reverted in these releases. |
git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e5713f07571c1628
launchpad.net/bugs/cve/CVE-2023-7207
nvd.nist.gov/vuln/detail/CVE-2023-7207
security-tracker.debian.org/tracker/CVE-2023-7207
ubuntu.com/security/notices/USN-6755-1
www.cve.org/CVERecord?id=CVE-2023-7207
www.openwall.com/lists/oss-security/2023/12/21/8