How severe is CVE-2020-26277?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2020-26277?

This is classified as CWE-59, which is a common weakness in software security.

CVE-2020-26277 - MEDIUM Severity | CVSS 6.1

Vulnerability Description

DBdeployer is a tool that deploys MySQL database servers easily. In DBdeployer before version 1.58.2, users unpacking a tarball may use a maliciously packaged tarball that contains symlinks to files external to the target. In such scenario, an attacker could induce dbdeployer to write into a system file, thus altering the computer defenses. For the attack to succeed, the following factors need to contribute: 1) The user is logged in as root. While dbdeployer is usable as root, it was designed to run as unprivileged user. 2) The user has taken a tarball from a non secure source, without testing the checksum. When the tarball is retrieved through dbdeployer, the checksum is compared before attempting to unpack. This has been fixed in version 1.58.2.

Related Vulnerabilities

CVE-2013-1866

MEDIUM

CVSS:6.1(Medium)

OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability

CWE-592013

CVE-2013-1867

MEDIUM

CVSS:6.1(Medium)

Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerability

CWE-592013

CVE-2015-5700

MEDIUM

CVSS:6.1(Medium)

mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack.

CWE-592015

CVE-2015-5701

MEDIUM

CVSS:6.1(Medium)

mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a...

CWE-592015

CVE-2017-12258

MEDIUM

CVSS:6.1(Medium)

A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability exists be...

CWE-592017

CVE-2020-5797

MEDIUM

CVSS:6.1(Medium)

UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limi...

CWE-592020