CVE-2018-25046: Path traversal in code.cloudfoundry.org/archiver

Q: What is CVE-2018-25046?

CVE-2018-25046 is a vulnerability that allows files to be written or overwritten outside of the target directory due to improper path sanitization in Cloudfoundry Archiver.

Q: How severe is CVE-2018-25046?

CVE-2018-25046 has a severity rating of 9.1 (Critical).

Q: What is the affected software by CVE-2018-25046?

The affected software by CVE-2018-25046 is Cloudfoundry Archiver up to version 2018-05-23.

Q: How can CVE-2018-25046 be fixed?

To fix CVE-2018-25046, it is recommended to update Cloudfoundry Archiver to a version that includes the fix.

Q: What is the CWE of CVE-2018-25046?

The CWE (Common Weakness Enumeration) of CVE-2018-25046 is CWE-22.

Published Dec 27, 2022

Updated

Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.

Affected Software

1 affected component

Cloudfoundry archiver<2018-05-23

Remediation

Patch Available

https://github.com/cloudfoundry/archiver/commit/09b5706aa9367972c09144a450bb4523049ee840

Event History

Dec 27, 2022

CVE Published

via MITRE·09:13 PM

Data Sourced

via MITRE·09:13 PM

DescriptionWeakness

Frequently Asked Questions

What is CVE-2018-25046?

CVE-2018-25046 is a vulnerability that allows files to be written or overwritten outside of the target directory due to improper path sanitization in Cloudfoundry Archiver.

How severe is CVE-2018-25046?

CVE-2018-25046 has a severity rating of 9.1 (Critical).

What is the affected software by CVE-2018-25046?