Arbitrary File Write when Extracting Tarballs retrieved from a remote location using `shutil.unpack_archive()`

Moderate
kmacoskey published GHSA-hgm9-2q42-c7f3 May 15, 2023

Package

gpdb (pip)

Affected versions

<= 6.22.2

Patched versions

6.22.3

Description

Summary

Greenplum Database used an unsafe method to extract tar files within GPPKGs. It is vulnerable to path traversal, leading to arbitrary file writes. An attacker can use this vulnerability to overwrite data or system files, potentially leading to a crash or malfunction of the system.

CWE-22 (Improper Limitation of a Pathname to a Restricted Directory)

CVSS score: 6.5 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H)
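The root cause named in the title is that `shutil.unpack_archive()` hands tar files to `tarfile.extractall()`, which on older Python versions wrote every member to whatever path its header named, including names containing `..`. The following is an added example (not Greenplum's code and not part of the advisory) of the mitigation a package installer needs: each member's destination is resolved and checked against the extraction directory before it is written, and link members and special files are checked the same way. The `build_sample_tar` fixture and the `pkg/hello.txt` / `../escape.txt` member names are constructed for the demonstration.

```python
import io
import os
import tarfile
import tempfile


def _is_within(base: str, target: str) -> bool:
    """True if target, after '..' and symlink resolution, stays inside base."""
    base = os.path.realpath(base)
    target = os.path.realpath(target)
    return os.path.commonpath([base, target]) == base


def safe_extract_tar(fileobj, dest: str) -> list:
    """Extract a tar stream into dest, refusing any member that would land
    outside dest. Returns the names of the members written, in order.

    Members are validated and extracted one at a time so that a symlink
    written by an earlier member cannot redirect a later one out of dest."""
    dest = os.path.realpath(dest)
    written = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        # Belt and suspenders: use the stdlib 'data' filter where available.
        if hasattr(tarfile, "data_filter"):
            tar.extraction_filter = tarfile.data_filter
        for m in tar.getmembers():
            target = os.path.join(dest, m.name)
            if os.path.isabs(m.name) or not _is_within(dest, target):
                raise ValueError(f"refusing member outside destination: {m.name!r}")
            if m.issym():  # symlink targets are relative to the member's directory
                link_target = os.path.join(os.path.dirname(target), m.linkname)
                if not _is_within(dest, link_target):
                    raise ValueError(f"refusing symlink escaping destination: {m.name!r}")
            elif m.islnk():  # hard link targets are relative to the archive root
                if not _is_within(dest, os.path.join(dest, m.linkname)):
                    raise ValueError(f"refusing hard link escaping destination: {m.name!r}")
            elif not (m.isfile() or m.isdir()):
                raise ValueError(f"refusing special file: {m.name!r}")
            tar.extract(m, path=dest)
            written.append(m.name)
    return written


def build_sample_tar(include_traversal: bool) -> io.BytesIO:
    """Constructed fixture: a tiny tar with one benign member and, optionally,
    one member whose name climbs out of the extraction directory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        data = b"hello\n"
        info = tarfile.TarInfo("pkg/hello.txt")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
        if include_traversal:
            data = b"should never be written\n"
            info = tarfile.TarInfo("../escape.txt")  # constructed traversal name
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


def demo() -> dict:
    """Extract a clean archive, then a traversal archive, into a temp dir and
    report what happened."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "out")
        os.mkdir(dest)
        results["clean"] = safe_extract_tar(build_sample_tar(False), dest)
        try:
            safe_extract_tar(build_sample_tar(True), dest)
            results["traversal_blocked"] = False
        except ValueError:
            results["traversal_blocked"] = True
        # The traversal member would have landed one level above dest.
        results["escaped_file_exists"] = os.path.exists(os.path.join(tmp, "escape.txt"))
    return results


if __name__ == "__main__":
    print(demo())
```

Validating before each `extract` rather than once up front matters: `os.path.realpath` only follows symlinks that already exist on disk, so checking a member after the ones before it have been written is what catches a link-then-write-through-link sequence. On Python releases that ship PEP 706 filters, `tarfile.data_filter` performs equivalent checks and the assignment above enables it; the explicit loop keeps the behaviour identical on releases that do not.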

Impact

Greenplum Database versions older than 6.23.2 are vulnerable.

Mitigation

All users are requested to upgrade to Greenplum Database version 6.23.2 or higher.

Credits

Thanks to Sim4n6 for reporting this issue to us.

Severity

Moderate, 6.5 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: High
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CVE ID

CVE-2023-31131
