V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
Back to catalog
CVE-2020-8161
AST
Medium

A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::D…

CVSS
5.9
Medium
EPSS
0.04
p87
Published
2020-01-01
Updated
2020-01-01
Description

A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure.

Tags · CWE
Pre-auth
CWE-22
CWE-548
CAPEC-64
CAPEC-76
CAPEC-78
CAPEC-79
CAPEC-126
Affected products
Ansible-collection-redhat-satelliteAnsible-collection-redhat-satelliteAnsible-runnerAnsible-runnerAnsiblerole-foreman_scap_clientAnsiblerole-foreman_scap_clientAnsiblerole-insights-clientAnsiblerole-insights-clientAnsiblerole-satellite-receptor-installerAnsiblerole-satellite-receptor-installerCandlepinCandlepinCreaterepo_cCreaterepo_cForemanForemanForeman-bootloaders-redhatForeman-bootloaders-redhatForeman-discovery-imageForeman-discovery-image
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Timeline
2020-01-01
Published
2020-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: H
High (H)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: N
None (N)
Availability Impact
A: N
None (N)
Exploit indicators
EPSS
0.036 · p87
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Debian
Debian LinuxRuby-rack
Canonical
Ubuntu LinuxRuby-rack
Red Hat
SatelliteCandlepinRubygem-rackForemanKatelloPulpKatello-certs-toolsForeman-proxyPulp-rpmPulp-puppet+369
Группа Астра (РусБИТех)
Ruby-rack
Rack_project
Rack
ProductVendorStatus
ansible-collection-redhat-satelliteTracked
ansible-collection-redhat-satelliteTracked
ansible-runnerTracked
ansible-runnerTracked
ansiblerole-foreman_scap_clientTracked
ansiblerole-foreman_scap_clientTracked
ansiblerole-insights-clientTracked
ansiblerole-insights-clientTracked
ansiblerole-satellite-receptor-installerTracked
ansiblerole-satellite-receptor-installerTracked
candlepinTracked
candlepinTracked
createrepo_cTracked
createrepo_cTracked
foremanTracked
foremanTracked
foreman-bootloaders-redhatTracked
foreman-bootloaders-redhatTracked
foreman-discovery-imageTracked
foreman-discovery-imageTracked
Showing first 20 of 775
Source databases
AST
DEB
CVE
RED
UBU
Related vulnerabilities
BDU:2021-01347