Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Zarf has a Path Traversal via Malicious Package Metadata.Name — Arbitrary File Write
Vulnerability Description
Zarf is an Airgap Native Packager Manager for Kubernetes. Versions 0.23.0 through 0.74.1 contain an arbitrary file write vulnerability in the zarf package inspect sbom and zarf package inspect documentation subcommands. These subcommands output file paths are constructed by joining a user-controlled output directory with the package's Metadata.Name field read directly from the untrusted package's zarf.yaml manifest. Although Metadata.Name is validated against a regex on package creation, an attacker can unarchive a package to modify the Metadata.Name field to contain path traversal sequences such as ../../etc/cron.d/malicious or absolute paths like /home/user/.ssh/authorized_keys, along with the corresponding files inside SBOMS.tar. This allows writing attacker-controlled content to arbitrary filesystem locations within the permissions of the user running the inspect command. This issue has been fixed in version 0.74.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Zarf 安全漏洞
Vulnerability Description
Zarf是zarf-dev开源的一个Kubernetes离线环境软件交付工具。 Zarf 0.23.0至0.74.1版本存在安全漏洞,该漏洞源于zarf package inspect子命令中路径遍历问题,可能导致向任意文件系统位置写入攻击者控制的内容。
CVSS Information
N/A
Vulnerability Type
N/A