Rapid7 Metasploit Framework Relative Path Traversal in enum_osx module
CVE-2020-7376

7.1HIGH

Key Information:

Vendor: Rapid7
Status: Metasploit Framework
Vendor: CVE Published:; 24 August 2020

What is CVE-2020-7376?

The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Metasploit Framework 4.11.7 < 4.11.7*

Metasploit Framework 6.0.3

References

https://github.com/rapid7/metasploit-framework/issues/14008

x_refsource_CONFIRM

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 24, 2020
Vulnerability Reserved
Jan 21, 2020

Credit

This issue was reported, and fixed, by bcoles.

JSON

Rapid7

What is CVE-2020-7376?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.