CVE-2021-3806
5.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Summary
A path traversal vulnerability on Pardus Software Center's "extractArchive" function could allow anyone on the same network to do a man-in-the-middle and write files on the system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TUBITAK | Pardus Software Center | unspecified < 0.1.0~beta10 | affected |
Weaknesses
- CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CVE Program Container
Additional References
- https://www.usom.gov.tr/bildirim/tr-21-0754
- https://pentest.blog/pardus-21-linux-distro-remote-code-execution-0day-2021/
References
- https://www.usom.gov.tr/bildirim/tr-21-0754
- https://pentest.blog/pardus-21-linux-distro-remote-code-execution-0day-2021/
- https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-21-0754
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.