{
  "threat_severity" : "Important",
  "public_date" : "2021-10-18T00:00:00Z",
  "bugzilla" : {
    "description" : "civetweb: directory traversal when using the built-in example HTTP form-based file upload mechanism via the mg_handle_form_request API",
    "id" : "2016640",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2016640"
  },
  "cvss3" : {
    "cvss3_base_score" : "9.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-22",
  "details" : [ "The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal", "A remote code execution vulnerability was found in CivetWeb (embeddable web server/library). Due to a directory traversal issue, an attacker is able to add or overwrite files that are subsequently executed which lead to impact to confidentiality, integrity, and availability of the application." ],
  "statement" : "This issue only impacts CivetWeb-based web applications that use the built-in file upload form handler (full working example in the “embedded_c” example in the CivetWeb sources).\nRed Hat Advanced Cluster Security includes code from CivetWeb in the Collector component, however it does not use the file upload form handler, hence is not impacted by this vulnerability. This vulnerability is rated Low for Red Hat Advanced Cluster Security.",
  "affected_release" : [ {
    "product_name" : "RHACS-3.67-RHEL-8",
    "release_date" : "2021-12-01T00:00:00Z",
    "advisory" : "RHSA-2021:4902",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:3.67::el8",
    "package" : "advanced-cluster-security/rhacs-rhel8-operator:3.67.0-3",
    "impact" : "low"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Ceph Storage 2",
    "fix_state" : "Will not fix",
    "package_name" : "ceph",
    "cpe" : "cpe:/a:redhat:ceph_storage:2"
  }, {
    "product_name" : "Red Hat Ceph Storage 3",
    "fix_state" : "Will not fix",
    "package_name" : "ceph",
    "cpe" : "cpe:/a:redhat:ceph_storage:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-27304\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-27304\nhttps://groups.google.com/g/civetweb/c/yPBxNXdGgJQ\nhttps://jfrog.com/blog/cve-2020-27304-rce-via-directory-traversal-in-civetweb-http-server/" ],
  "name" : "CVE-2020-27304",
  "csaw" : false
}