{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "1.1.31" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "4.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "6.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "6.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "6.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.0" } ] } ] }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "6a8de061f8fdc885e74ebe8c94625bf53643b71c" } ], "repo": "https://github.com/rpm-software-management/yum-utils", "type": "GIT" }, { "events": [ { "introduced": "0" }, { "fixed": "7554c0133eb830a71dc01846037cc047d0acbc2c" } ], "repo": "https://github.com/rpm-software-management/yum-utils", "type": "GIT" }, { "events": [ { "introduced": "0" }, { "fixed": "6a8de061f8fdc885e74ebe8c94625bf53643b71c" } ], "repo": "https://github.com/rpm-software-management/yum-utils", "type": "GIT" }, { "events": [ { "introduced": "0" }, { "fixed": "7554c0133eb830a71dc01846037cc047d0acbc2c" } ], "repo": "https://github.com/rpm-software-management/yum-utils", "type": "GIT" } ] } ], "details": "A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.", "id": "CVE-2018-10897", "modified": "2026-04-01T23:08:43.352747936Z", "published": "2018-08-01T17:29:00.457Z", "references": [ { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2018:2284" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2018:2626" }, { "type": "ADVISORY", "url": "https://github.com/rpm-software-management/yum-utils/pull/43" }, { "type": "ADVISORY", "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "type": "ADVISORY", "url": "http://www.securitytracker.com/id/1041594" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2018:2285" }, { "type": "FIX", "url": "https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c" }, { "type": "FIX", "url": "https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c" }, { "type": "FIX", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10897" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }