Directory Traversal Vulnerability in GNOME's File Roller
CVE-2020-11736

3.9LOW

Key Information:

Vendor

Gnome
Status
File-roller
Vendor
CVE Published:
13 April 2020

What is CVE-2020-11736?

The vulnerability in GNOME's File Roller prior to version 3.36.1 allows attackers to exploit a weakness during file extraction. The flaw manifests due to insufficient validation of file paths, particularly when a file's parent directory is a symbolic link pointing outside the intended extraction path. This lack of checks can enable unauthorized access to files outside designated directories, potentially exposing sensitive information.

References

https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfc...
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2020/04/msg0...
mailing-listx_refsource_MLIST
https://usn.ubuntu.com/4332-1/
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
3.9
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.