CVE-2021-43099
Description
An Archive Extraction (AKA "Zip Slip) vulnerability exists in bbs 5.3 in the UpgradeNow function in UpgradeManageAction.java, which unzips the arbitrary upladed zip file without checking filenames. The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe).
CvssV3 impact
Version | 3.1 |
VectorString | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N |
AttackVector | NETWORK |
AttackComplexity | LOW |
PrivilegesRequired | HIGH |
UserInteraction | NONE |
Scope | UNCHANGED |
ConfidentialityImpact | NONE |
IntegrityImpact | HIGH |
AvailabilityImpact | NONE |
BaseScore | 4.9 |
BaseSeverity | MEDIUM |
CvssV2 impact
Version | 2.0 |
VectorString | AV:N/AC:L/Au:S/C:N/I:P/A:N |
AccessVector | NETWORK |
AccessComplexity | LOW |
Authentication | SINGLE |
ConfidentialityImpact | NONE |
IntegrityImpact | PARTIAL |
AvailabilityImpact | NONE |
BaseScore | 4 |