Search
Find a vulnerability
Search criteria
6 vulnerabilities found for koji by koji_project
CVE-2019-17109 (GCVE-0-2019-17109)
Vulnerability from nvd – Published: 2019-10-09 21:30 – Updated: 2024-08-05 01:33
VLAI
EPSS
VEX
Summary
Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2019/10/09/5 | x_refsource_MISC |
| https://docs.pagure.org/koji/CVE-2019-17109/ | x_refsource_CONFIRM |
| https://pagure.io/koji/commits/master | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
Date Public
2019-10-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/09/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.pagure.org/koji/CVE-2019-17109/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pagure.io/koji/commits/master"
},
{
"name": "FEDORA-2019-adf618865f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7PSCCFHLNVFLDPC7DB4UJGXD6ZWBSY57/"
},
{
"name": "FEDORA-2019-caff41caf8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BGUXMZIAQFFNNQ7PEFDAYQCXXKJR76U/"
},
{
"name": "FEDORA-2019-bf8b97d604",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DEQYYGWLJBQQVTAC7E7XSDGVF27NPMPB/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-25T03:07:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/09/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.pagure.org/koji/CVE-2019-17109/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pagure.io/koji/commits/master"
},
{
"name": "FEDORA-2019-adf618865f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7PSCCFHLNVFLDPC7DB4UJGXD6ZWBSY57/"
},
{
"name": "FEDORA-2019-caff41caf8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BGUXMZIAQFFNNQ7PEFDAYQCXXKJR76U/"
},
{
"name": "FEDORA-2019-bf8b97d604",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DEQYYGWLJBQQVTAC7E7XSDGVF27NPMPB/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2019/10/09/5",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2019/10/09/5"
},
{
"name": "https://docs.pagure.org/koji/CVE-2019-17109/",
"refsource": "CONFIRM",
"url": "https://docs.pagure.org/koji/CVE-2019-17109/"
},
{
"name": "https://pagure.io/koji/commits/master",
"refsource": "CONFIRM",
"url": "https://pagure.io/koji/commits/master"
},
{
"name": "FEDORA-2019-adf618865f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PSCCFHLNVFLDPC7DB4UJGXD6ZWBSY57/"
},
{
"name": "FEDORA-2019-caff41caf8",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BGUXMZIAQFFNNQ7PEFDAYQCXXKJR76U/"
},
{
"name": "FEDORA-2019-bf8b97d604",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DEQYYGWLJBQQVTAC7E7XSDGVF27NPMPB/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17109",
"datePublished": "2019-10-09T21:30:22.000Z",
"dateReserved": "2019-10-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:33:17.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1002150 (GCVE-0-2018-1002150)
Vulnerability from nvd – Published: 2018-04-04 20:00 – Updated: 2024-09-16 20:37
VLAI
EPSS
VEX
Summary
Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://docs.pagure.org/koji/CVE-2018-1002150/ | x_refsource_CONFIRM |
| https://pagure.io/koji/issue/850 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.pagure.org/koji/CVE-2018-1002150/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pagure.io/koji/issue/850"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-04T20:00:00.000Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.pagure.org/koji/CVE-2018-1002150/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pagure.io/koji/issue/850"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "patrick@puiterwijk.org",
"ID": "CVE-2018-1002150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.pagure.org/koji/CVE-2018-1002150/",
"refsource": "CONFIRM",
"url": "https://docs.pagure.org/koji/CVE-2018-1002150/"
},
{
"name": "https://pagure.io/koji/issue/850",
"refsource": "CONFIRM",
"url": "https://pagure.io/koji/issue/850"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2018-1002150",
"datePublished": "2018-04-04T20:00:00.000Z",
"dateReserved": "2018-04-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:37:35.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1002153 (GCVE-0-2017-1002153)
Vulnerability from nvd – Published: 2017-10-06 17:00 – Updated: 2024-09-16 19:10
VLAI
EPSS
VEX
Summary
Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://pagure.io/koji/issue/563 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Koji Project | Koji |
Affected:
1.13.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:08:11.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pagure.io/koji/issue/563"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Koji",
"vendor": "Koji Project",
"versions": [
{
"status": "affected",
"version": "1.13.0"
}
]
}
],
"dateAssigned": "2017-09-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-06T17:00:00.000Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pagure.io/koji/issue/563"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "patrick@puiterwijk.org",
"DATE_ASSIGNED": "2017-09-19T16:52Z",
"ID": "CVE-2017-1002153",
"REQUESTER": "patrick@puiterwijk.org",
"STATE": "PUBLIC",
"UPDATED": "2017-09-19T20:44Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Koji",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.13.0"
}
]
}
}
]
},
"vendor_name": "Koji Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pagure.io/koji/issue/563",
"refsource": "CONFIRM",
"url": "https://pagure.io/koji/issue/563"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2017-1002153",
"datePublished": "2017-10-06T17:00:00.000Z",
"dateReserved": "2017-10-06T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:10:06.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17109 (GCVE-0-2019-17109)
Vulnerability from cvelistv5 – Published: 2019-10-09 21:30 – Updated: 2024-08-05 01:33
VLAI
EPSS
VEX
Summary
Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2019/10/09/5 | x_refsource_MISC |
| https://docs.pagure.org/koji/CVE-2019-17109/ | x_refsource_CONFIRM |
| https://pagure.io/koji/commits/master | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
Date Public
2019-10-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/09/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.pagure.org/koji/CVE-2019-17109/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pagure.io/koji/commits/master"
},
{
"name": "FEDORA-2019-adf618865f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7PSCCFHLNVFLDPC7DB4UJGXD6ZWBSY57/"
},
{
"name": "FEDORA-2019-caff41caf8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BGUXMZIAQFFNNQ7PEFDAYQCXXKJR76U/"
},
{
"name": "FEDORA-2019-bf8b97d604",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DEQYYGWLJBQQVTAC7E7XSDGVF27NPMPB/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-25T03:07:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/09/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.pagure.org/koji/CVE-2019-17109/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pagure.io/koji/commits/master"
},
{
"name": "FEDORA-2019-adf618865f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7PSCCFHLNVFLDPC7DB4UJGXD6ZWBSY57/"
},
{
"name": "FEDORA-2019-caff41caf8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BGUXMZIAQFFNNQ7PEFDAYQCXXKJR76U/"
},
{
"name": "FEDORA-2019-bf8b97d604",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DEQYYGWLJBQQVTAC7E7XSDGVF27NPMPB/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2019/10/09/5",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2019/10/09/5"
},
{
"name": "https://docs.pagure.org/koji/CVE-2019-17109/",
"refsource": "CONFIRM",
"url": "https://docs.pagure.org/koji/CVE-2019-17109/"
},
{
"name": "https://pagure.io/koji/commits/master",
"refsource": "CONFIRM",
"url": "https://pagure.io/koji/commits/master"
},
{
"name": "FEDORA-2019-adf618865f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PSCCFHLNVFLDPC7DB4UJGXD6ZWBSY57/"
},
{
"name": "FEDORA-2019-caff41caf8",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BGUXMZIAQFFNNQ7PEFDAYQCXXKJR76U/"
},
{
"name": "FEDORA-2019-bf8b97d604",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DEQYYGWLJBQQVTAC7E7XSDGVF27NPMPB/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17109",
"datePublished": "2019-10-09T21:30:22.000Z",
"dateReserved": "2019-10-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:33:17.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1002150 (GCVE-0-2018-1002150)
Vulnerability from cvelistv5 – Published: 2018-04-04 20:00 – Updated: 2024-09-16 20:37
VLAI
EPSS
VEX
Summary
Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://docs.pagure.org/koji/CVE-2018-1002150/ | x_refsource_CONFIRM |
| https://pagure.io/koji/issue/850 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.pagure.org/koji/CVE-2018-1002150/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pagure.io/koji/issue/850"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-04T20:00:00.000Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.pagure.org/koji/CVE-2018-1002150/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pagure.io/koji/issue/850"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "patrick@puiterwijk.org",
"ID": "CVE-2018-1002150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.pagure.org/koji/CVE-2018-1002150/",
"refsource": "CONFIRM",
"url": "https://docs.pagure.org/koji/CVE-2018-1002150/"
},
{
"name": "https://pagure.io/koji/issue/850",
"refsource": "CONFIRM",
"url": "https://pagure.io/koji/issue/850"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2018-1002150",
"datePublished": "2018-04-04T20:00:00.000Z",
"dateReserved": "2018-04-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:37:35.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1002153 (GCVE-0-2017-1002153)
Vulnerability from cvelistv5 – Published: 2017-10-06 17:00 – Updated: 2024-09-16 19:10
VLAI
EPSS
VEX
Summary
Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://pagure.io/koji/issue/563 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Koji Project | Koji |
Affected:
1.13.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:08:11.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pagure.io/koji/issue/563"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Koji",
"vendor": "Koji Project",
"versions": [
{
"status": "affected",
"version": "1.13.0"
}
]
}
],
"dateAssigned": "2017-09-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-06T17:00:00.000Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pagure.io/koji/issue/563"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "patrick@puiterwijk.org",
"DATE_ASSIGNED": "2017-09-19T16:52Z",
"ID": "CVE-2017-1002153",
"REQUESTER": "patrick@puiterwijk.org",
"STATE": "PUBLIC",
"UPDATED": "2017-09-19T20:44Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Koji",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.13.0"
}
]
}
}
]
},
"vendor_name": "Koji Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pagure.io/koji/issue/563",
"refsource": "CONFIRM",
"url": "https://pagure.io/koji/issue/563"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2017-1002153",
"datePublished": "2017-10-06T17:00:00.000Z",
"dateReserved": "2017-10-06T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:10:06.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}