CVE-2020-8177

Published Dec 14, 2020
Last updated 8 months ago
CVSS high 7.8
Overview

Description: curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
Source: support@hackerone.com
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 4.6
Impact score: 6.4
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:P
Weaknesses

nvd@nist.gov: CWE-74
support@hackerone.com: CWE-99
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B70F283-7175-49BD-B02A-A18762C2DD6E",
            "versionEndIncluding": "7.70.0",
            "versionStartIncluding": "7.20.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E63B7B2-409A-476E-BA12-2A2D2F3B85DE",
            "versionEndExcluding": "xcp2410"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADB5D4C9-DA14-4188-9181-17336F9445F6",
            "versionEndExcluding": "xcp2410"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B65E2F3-57EC-46C0-BB4A-0A0F3F8D387E",
            "versionEndExcluding": "xcp2410"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90B7CFBF-761C-4EAA-A322-EF5E294AADED",
            "versionEndExcluding": "xcp2410"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48B28ABF-7E1A-4A1E-8F78-0D95D7BDF886",
            "versionEndExcluding": "xcp2410"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E74AAF52-1388-4BD9-B17B-3A6A32CA3608",
            "versionEndExcluding": "xcp2410"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A107698C-9C63-44A9-8A2B-81EDD5702B4C",
            "versionEndExcluding": "xcp3110"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FC0460E-4695-44FB-99EE-28B2C957B760",
            "versionEndExcluding": "xcp3110"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD54A092-85A7-4459-9C69-19E6E24AC24B",
            "versionEndExcluding": "xcp3110"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F813DBC-BA1E-4C73-AA11-1BD3F9508372",
            "versionEndExcluding": "xcp3110"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFDF4F39-1C6C-4AD3-99CF-BD5B44B8C71B",
            "versionEndExcluding": "xcp3110"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "416B805F-799A-4466-AC5A-93D083A2ABBD",
            "versionEndExcluding": "xcp3110"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253",
            "versionEndExcluding": "1.0.1.1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D",
            "versionEndExcluding": "8.2.12",
            "versionStartIncluding": "8.2.0"
          },
          {
            "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32",
            "versionEndExcluding": "9.0.6",
            "versionStartIncluding": "9.0.0"
          },
          {
            "criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
