How severe is CVE-2020-14352?

This vulnerability has a severity rating of HIGH with a CVSS score of 8 out of 10.

What type of vulnerability is CVE-2020-14352?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2020-14352 - HIGH Severity | CVSS 8

Vulnerability Description

A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories.

Related Vulnerabilities

CVE-2015-8798

HIGH

CVSS:8.0(High)

Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for C...

CWE-222015

CVE-2018-11494

HIGH

CVSS:8.0(High)

The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step...

CWE-222018

CVE-2018-16221

HIGH

CVSS:8.0(High)

The diagnostics web interface in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) does not validate (escape) the path information (path traversal), which allows an authenticated remo...

CWE-222018

CVE-2018-7771

HIGH

CVSS:8.0(High)

The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A directory traversal vulnerability allows a caller with standard...

CWE-222018

CVE-2019-0887

HIGH

CVSS:8.0(High)

A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Service...

CWE-222019

CVE-2019-10220

HIGH

CVSS:8.0(High)

Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.

CWE-222019