Relative Path Traversal (CWE-23)
A vulnerability was found in the decompression function of registry-support. An unauthenticated remote attacker can trigger it by tricking a user into opening a specially modified .tar archive; the cleanup process then follows relative paths from the archive and overwrites or deletes files outside the intended scope.
This vulnerability allows an unauthenticated remote attacker to potentially overwrite or delete files outside the intended scope on the target system. The attack requires user interaction, specifically tricking a user into opening a specially crafted .tar archive. The vulnerability has a high impact on both integrity and availability of the system, while confidentiality is not directly affected. Given the "Changed" scope in the CVSS score, the impact may extend beyond the vulnerable component, potentially affecting the wider system or other components.
There is no evidence that a public proof-of-concept exists, and no evidence of exploitation in the wild at the moment.
A patch is available for this vulnerability. The issue has been addressed in the devfile/registry-support repository with a commit (0e44b9ca6d03fac4fc3f77d37656d56dc5defe0d) and a pull request (#197). The vulnerability affects versions of registry-support before 0.0.0-20240206.
1. Update the affected devfile/registry-support to version 0.0.0-20240206 or later.
2. Implement strict input validation and sanitization for any file-related operations, especially those involving user-supplied input.
3. Use proper access controls and file system permissions to limit the potential impact of path traversal attacks.
4. Educate users about the risks of opening untrusted .tar archives and implement security awareness training.
5. Consider implementing additional security measures such as sandboxing or containerization to isolate potentially malicious file operations.
6. Regularly monitor and audit system logs for any suspicious file system activities that might indicate exploitation attempts.
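To make the validation step above concrete for the CWE-23 pattern described in this advisory, here is an added Go example (it is not code from devfile/registry-support or from its fix). It cleans every tar entry name against the destination directory and refuses any entry that resolves outside it, which is the check a tar extraction or cleanup routine needs before it touches the file system. The names `SafeJoin`, `ExtractTar`, `BuildTar`, the `Entry` type and the constructed two-entry archive in `main` are this example's own and not taken from the project.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// ErrTraversal is returned for any entry whose cleaned path leaves dest.
var ErrTraversal = errors.New("tar entry resolves outside the destination directory")

// SafeJoin joins an archive entry name onto dest and rejects names that are
// absolute or that climb out of dest via ".." (e.g. "../../etc/passwd").
func SafeJoin(dest, name string) (string, error) {
	// Tar names use forward slashes; treat a leading "/" as absolute on every OS.
	if filepath.IsAbs(name) || strings.HasPrefix(name, "/") {
		return "", ErrTraversal
	}
	cleanDest := filepath.Clean(dest)
	target := filepath.Join(cleanDest, name) // Join cleans, collapsing any ".."
	prefix := cleanDest
	if !strings.HasSuffix(prefix, string(os.PathSeparator)) {
		prefix += string(os.PathSeparator)
	}
	if target != cleanDest && !strings.HasPrefix(target, prefix) {
		return "", ErrTraversal
	}
	return target, nil
}

// ExtractTar unpacks a tar stream into dest, aborting on the first entry that
// fails SafeJoin. Only directories and regular files are written; symlink and
// hard-link entries are skipped because their targets could also escape dest.
func ExtractTar(r io.Reader, dest string) error {
	tr := tar.NewReader(r)
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return nil
		}
		if err != nil {
			return err
		}
		target, err := SafeJoin(dest, hdr.Name)
		if err != nil {
			return fmt.Errorf("entry %q: %w", hdr.Name, err)
		}
		switch hdr.Typeflag {
		case tar.TypeDir:
			if err := os.MkdirAll(target, 0o755); err != nil {
				return err
			}
		case tar.TypeReg:
			if err := os.MkdirAll(filepath.Dir(target), 0o755); err != nil {
				return err
			}
			f, err := os.OpenFile(target, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o644)
			if err != nil {
				return err
			}
			_, err = io.Copy(f, tr) // tar.Reader already bounds reads to hdr.Size
			f.Close()
			if err != nil {
				return err
			}
		}
	}
}

// Entry is a constructed (name, content) pair for building a test archive.
type Entry struct{ Name, Content string }

// BuildTar builds an in-memory tar of regular files so the check can be
// exercised without any archive on disk.
func BuildTar(entries []Entry) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, e := range entries {
		hdr := &tar.Header{Name: e.Name, Mode: 0o644, Size: int64(len(e.Content)), Typeflag: tar.TypeReg}
		if err := tw.WriteHeader(hdr); err != nil {
			panic(err)
		}
		if _, err := io.WriteString(tw, e.Content); err != nil {
			panic(err)
		}
	}
	if err := tw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

func main() {
	dest, err := os.MkdirTemp("", "safe-extract")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dest)
	// Constructed archive: one benign entry, one that tries to climb out of dest.
	archive := BuildTar([]Entry{{"devfile.yaml", "schemaVersion: 2.2.0\n"}, {"../../escape.txt", "never written\n"}})
	fmt.Println("extract:", ExtractTar(bytes.NewReader(archive), dest))
}
```

Because the stream is checked entry by entry, a rejection leaves whatever was already written in place; extract into a fresh temporary directory and discard it on error rather than extracting straight into the live location. The same `SafeJoin` check applies to any later cleanup pass that removes files by names recorded from the archive.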
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H
NVD published the first details for CVE-2024-1485
Feedly found the first article mentioning CVE-2024-1485.
EPSS Score was set to: 0.05% (Percentile: 12%)
RedHat CVE advisory released a security advisory (CVE-2024-1485).
A CVSS base score of 9.3 has been assigned.