Vulnerability Details CVE-2019-17109
Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.5%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- http://www.openwall.com/lists/oss-security/2019/10/09/5
- https://docs.pagure.org/koji/CVE-2019-17109/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BGUXMZIAQFFNNQ7PEFDAYQCXXKJR76U/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7PSCCFHLNVFLDPC7DB4UJGXD6ZWBSY57/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DEQYYGWLJBQQVTAC7E7XSDGVF27NPMPB/
- https://pagure.io/koji/commits/master
- http://www.openwall.com/lists/oss-security/2019/10/09/5
- https://docs.pagure.org/koji/CVE-2019-17109/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BGUXMZIAQFFNNQ7PEFDAYQCXXKJR76U/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7PSCCFHLNVFLDPC7DB4UJGXD6ZWBSY57/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DEQYYGWLJBQQVTAC7E7XSDGVF27NPMPB/
- https://pagure.io/koji/commits/master
Products affected by CVE-2019-17109
-
cpe:2.3:a:koji_project:koji:1.10.0
-
cpe:2.3:a:koji_project:koji:1.10.1
-
cpe:2.3:a:koji_project:koji:1.11.0
-
cpe:2.3:a:koji_project:koji:1.11.1
-
cpe:2.3:a:koji_project:koji:1.12.0
-
cpe:2.3:a:koji_project:koji:1.12.1
-
cpe:2.3:a:koji_project:koji:1.12.2
-
cpe:2.3:a:koji_project:koji:1.13.0
-
cpe:2.3:a:koji_project:koji:1.13.1
-
cpe:2.3:a:koji_project:koji:1.13.2
-
cpe:2.3:a:koji_project:koji:1.14.0
-
cpe:2.3:a:koji_project:koji:1.14.1
-
cpe:2.3:a:koji_project:koji:1.14.2
-
cpe:2.3:a:koji_project:koji:1.15.0
-
cpe:2.3:a:koji_project:koji:1.15.1
-
cpe:2.3:a:koji_project:koji:1.15.2
-
cpe:2.3:a:koji_project:koji:1.16.0
-
cpe:2.3:a:koji_project:koji:1.16.1
-
cpe:2.3:a:koji_project:koji:1.16.2
-
cpe:2.3:a:koji_project:koji:1.17.0
-
cpe:2.3:a:koji_project:koji:1.18.0
-
cpe:2.3:a:koji_project:koji:1.3.1
-
cpe:2.3:a:koji_project:koji:1.3.2
-
cpe:2.3:a:koji_project:koji:1.4.0
-
cpe:2.3:a:koji_project:koji:1.5.0
-
cpe:2.3:a:koji_project:koji:1.6.0
-
cpe:2.3:a:koji_project:koji:1.7.0
-
cpe:2.3:a:koji_project:koji:1.7.1
-
cpe:2.3:a:koji_project:koji:1.8.0
-
cpe:2.3:a:koji_project:koji:1.9.0