Back to bug 2219506
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| TEJ RATHI | 2023-07-04 05:25:24 UTC | CC | | hhorak, jorton, mizdebsk |
| TEJ RATHI | 2023-07-04 05:36:19 UTC | Blocks | | 2219508 |
| TEJ RATHI | 2023-07-04 05:37:01 UTC | Depends On | | 2219509 |
| Red Hat Bugzilla | 2023-07-07 08:31:09 UTC | Assignee | security-response-team | nobody |
| Chess Hazlett | 2023-08-08 22:14:42 UTC | CC | | anstephe, avibelli, bgeorges, clement.escoffier, dandread, gsmet, hamadhan, jmartisk, lthon, max.andersen, peholase, pgallagh, probinso, rruss, rsvoboda, sbiarozk, sdouglas, tqvarnst |
| Chess Hazlett | 2023-08-08 22:37:28 UTC | Doc Text | | When unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions. An attacker with control of an archive's source used by the build or capability to modify the build to interact with a malicious archive could use this flaw to overwrite existing archives or to extract information from sensitive files. |
| Chess Hazlett | 2023-08-08 22:38:19 UTC | Summary | TRIAGE-CVE-2023-35947 gradle: path traversal while handling of tar archives | CVE-2023-35947 gradle: path traversal while handling of tar archives |
| Chess Hazlett | 2023-08-08 22:38:19 UTC | Alias | TRIAGE-CVE-2023-35947 | CVE-2023-35947 |
| RaTasha Tillery-Smith | 2023-08-09 14:11:22 UTC | Doc Text | When unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions. An attacker with control of an archive's source used by the build or capability to modify the build to interact with a malicious archive could use this flaw to overwrite existing archives or to extract information from sensitive files. | A flaw was found in Gradle. When unpacking Tar archives, Gradle did not check that files could be written outside the unpack location. This issue could lead to important files being overwritten anywhere the Gradle process has write permissions. This flaw allows an attacker with control of an archive's source used by the build or capability to modify the build to interact with a malicious archive and overwrite existing archives or extract information from sensitive files. |