Home > Vulnerability Database > CVE-2023-7216

Mend.io Vulnerability Database

CVE-2023-7216

Date: February 5, 2024

A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files to be written in arbitrary directories through symlinks.

Severity Score

5.3

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-7216

Url: https://access.redhat.com/security/cve/CVE-2023-7216

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2249901

Url: https://www.mend.io/vulnerability-database/CVE-2023-7216

Severity Score

5.3

Weakness Type (CWE)

Improper Link Resolution Before File Access ('Link Following')

CWE-59

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-7216

Date: February 5, 2024

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?