Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-27833

EPSS 0.10% · P27
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-27833

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. The vulnerability is limited to the command `oc image extract`. If a symbolic link is first created pointing within the tarball, this allows further symbolic links to bypass the existing path check. This flaw allows the tarball to create links outside the tarball's parent directory, allowing for executables or configuration files to be overwritten, resulting in arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions up to and including openshift-clients-4.7.0-202104250659.p0.git.95881af are affected.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Red Hat Openshift-client 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Red Hat Openshift-client是美国Red Hat公司的一个基于Python的用于与Openshift平台交互的软件包。 openshift-clients存在安全漏洞,该漏洞源于openshift-client允许tarball在tarball的父目录之外创建链接,允许可执行文件或配置文件被覆盖。攻击者可利用该漏洞导致任意代码执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-openshift/oc up to & including openshift-clients-4.7.0-202104250659.p0.git.95881af -

II. Public POCs for CVE-2020-27833

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-27833

登录查看更多情报信息。

Same Patch Batch · n/a · 2021-05-14 · 28 CVEs total

CVE-2021-25941deep-override 安全漏洞
CVE-2020-27769Imagemagick Studio ImageMagick 输入验证错误漏洞
CVE-2021-32051Hexagon Intergraph G!NIUS SQL注入漏洞
CVE-2021-31922Pulse Secure Virtual Traffic Manager 环境问题漏洞
CVE-2021-30183Octopus Server 安全漏洞
CVE-2020-27020Kaspersky Password Manager 加密问题漏洞
CVE-2020-27149MOXA NPort IA5150A 访问控制错误漏洞
CVE-2020-27150MOXA NPort IA5150A Series 安全漏洞
CVE-2020-27184MOXA Moxa NPort IA5150A Series 加密问题漏洞
CVE-2020-27185MOXA NPort IA5150A Series 安全漏洞
CVE-2021-32613radare2 资源管理错误漏洞
CVE-2020-18166LAOBANCMS 代码问题漏洞
CVE-2020-18167LAOBANCMS 跨站脚本漏洞
CVE-2021-25943101 安全漏洞
CVE-2020-16632DedeCMS 跨站脚本漏洞
CVE-2020-23689YFCMF 跨站脚本漏洞
CVE-2020-23691YFCMF 安全漏洞
CVE-2020-17891Tp-link TP-Link Archer C1200 跨站脚本漏洞
CVE-2021-3537libxml2 代码问题漏洞
CVE-2021-3402YARA 输入验证错误漏洞

Showing top 20 of 28 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: n/a
Same weakness: CWE-20

V. Comments for CVE-2020-27833

No comments yet

Leave a comment