CVE-2020-7376

Summary

The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host.

Affected Software

VendorProductVersion RangeStatus
Rapid7Metasploit Framework4.11.7 < 4.11.7*affected
Rapid7Metasploit Framework6.0.3 < 6.0.3affected

Weaknesses

  • CWE-23: CWE-23 Relative Path Traversal

ADP Enrichment

CVE Program Container

Additional References

References