#VU49352 Files or Directories Accessible to External Parties in bundler - CVE-2019-3881

Cybersecurity Help s.r.o.

Published: 2020-09-04 | Updated: 2021-01-08

Vulnerability identifier: #VU49352

Vulnerability risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-3881

CWE-ID: CWE-552

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
bundler
Universal components / Libraries / Software for developers

Vendor: Bundler

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to Bundler uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

bundler: 1.0.0 rc1 - 2.0.2

External links
https://bugzilla.redhat.com/show_bug.cgi?id=1651826

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Gentoo update for Bundler

Multiple vulnerabilities in IBM Cloud Foundry Migration Runtime

openEuler 20.03 LTS SP2 update for rubygem-bundler

Red Hat Enterprise Linux 8 update for the ruby:2.6 module

Red Hat Software Collections update for rh-ruby26-ruby

GitLab security update for bundler and curl

Privilege escalation in Bundler