Directory Traversal Vulnerability in GNOME File-Roller
CVE-2020-36314

3.9LOW

Key Information:

Vendor

Gnome
Status
File-roller
Vendor
CVE Published:
7 April 2021

What is CVE-2020-36314?

A directory traversal vulnerability has been identified in GNOME File-Roller prior to version 3.38.0, which could allow attackers to exploit the process of extracting files. This security flaw arises from inadequate validation when handling files whose parent directories are symbolic links, potentially allowing unauthorized access to the filesystem. This issue stems from an incomplete fix for a previous security concern and highlights the importance of comprehensive implementations in handling file extraction safely. Users are encouraged to update to the latest version to mitigate this risk.

References

https://gitlab.gnome.org/GNOME/file-roller/-/issues/108
x_refsource_MISC
https://gitlab.gnome.org/GNOME/file-roller/-/commit/e970f...
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
3.9
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.