CVE-2014-1707 : Directory traversal vulnerability in CrosDisks in Google Chrome OS before 33.0.1750.152 has unspecified impact and attac

Directory traversal vulnerability in CrosDisks in Google Chrome OS before 33.0.1750.152 has unspecified impact and attack vectors.

Published 2014-03-16 14:06:46

Updated 2014-03-26 01:53:53

Source Google Inc.

View at NVD, CVE.org

Vulnerability category: Directory traversal

Exploit prediction scoring system (EPSS) score for CVE-2014-1707

Probability of exploitation activity in the next 30 days: 0.12%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 46 % EPSS Score History EPSS FAQ

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Assigned by: nvd@nist.gov (Primary)

https://code.google.com/p/chromium/issues/detail?id=351811

351811 - Security: Pwnium 4 GeoHot bug: cros-disks accepts labels, has path traversal issues. - chromium - Monorail
http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html

Chrome Releases: Stable Channel Update for Chrome OS
Vendor Advisory

CVEs referencing this url

Google » Chrome Os
Versions up to, including, (<=) 33.0.1750.149
cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*
Matching versions
Google » Chrome Os » Version: 33.0.1750.16
cpe:2.3:o:google:chrome_os:33.0.1750.16:*:*:*:*:*:*:*
Matching versions
Google » Chrome Os » Version: 33.0.1750.70
cpe:2.3:o:google:chrome_os:33.0.1750.70:*:*:*:*:*:*:*
Matching versions
Google » Chrome Os » Version: 33.0.1750.93
cpe:2.3:o:google:chrome_os:33.0.1750.93:*:*:*:*:*:*:*
Matching versions
Google » Chrome Os » Version: 33.0.1750.58
cpe:2.3:o:google:chrome_os:33.0.1750.58:*:*:*:*:*:*:*
Matching versions
Google » Chrome Os » Version: 33.0.1750.29
cpe:2.3:o:google:chrome_os:33.0.1750.29:*:*:*:*:*:*:*
Matching versions
Google » Chrome Os » Version: 33.0.1750.5
cpe:2.3:o:google:chrome_os:33.0.1750.5:*:*:*:*:*:*:*
Matching versions
Google » Chrome Os » Version: 33.0.1750.124
cpe:2.3:o:google:chrome_os:33.0.1750.124:*:*:*:*:*:*:*
Matching versions
Google » Chrome Os » Version: 33.0.1750.2
cpe:2.3:o:google:chrome_os:33.0.1750.2:*:*:*:*:*:*:*
Matching versions
Google » Chrome Os » Version: 33.0.1750.51
cpe:2.3:o:google:chrome_os:33.0.1750.51:*:*:*:*:*:*:*
Matching versions
Google » Chrome Os » Version: 33.0.1750.112
cpe:2.3:o:google:chrome_os:33.0.1750.112:*:*:*:*:*:*:*
Matching versions