CVE-2020-12649

7.5 HIGH

📋 TL;DR

CVE-2020-12649 is a directory traversal vulnerability in Gurbalib's help command that allows attackers to read sensitive files outside the intended directory. This affects systems running Gurbalib through April 30, 2020. Attackers can potentially access administrative paths and configuration files.

💻 Affected Systems

Products:
  • Gurbalib
Versions: All versions through 2020-04-30
Operating Systems: All platforms running Gurbalib
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the default help command implementation in lib/cmds/player/help.c

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through reading sensitive configuration files, credentials, or SSH keys leading to privilege escalation or lateral movement.

🟠 Likely Case

Information disclosure of sensitive files, configuration data, or user information that could enable further attacks.

🟢 If Mitigated

Limited impact with proper file permissions and access controls preventing sensitive file access.

🌐 Internet-Facing: MEDIUM - Requires user interaction or specific command execution, but could be exploited if help functionality is exposed.
🏢 Internal Only: MEDIUM - Internal users could exploit to escalate privileges or access sensitive information.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to execute the help command with crafted parameters. The vulnerability is well-documented in the GitHub pull request.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 2020-04-30

Vendor Advisory: https://github.com/sirdude/gurbalib/pull/38

Restart Required: Yes

Instructions:

1. Update Gurbalib to a version after 2020-04-30.
2. Apply the fix from GitHub pull request #38.
3. Restart any services using Gurbalib.

🔧 Temporary Workarounds

Disable help command (all platforms)

Remove or disable the vulnerable help command functionality:

# Remove or rename the help command source file so the command is no longer loaded
mv /path/to/gurbalib/lib/cmds/player/help.c /path/to/gurbalib/lib/cmds/player/help.c.disabled

Implement input validation (all platforms)

Add path traversal validation to help command input:

# Add validation in help.c to reject paths containing '..' or absolute paths
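The validation the workaround above describes, written out as an added example in C. It is not Gurbalib's code and not the fix from pull request #38 (Gurbalib's lib/cmds/player/help.c is LPC, not C); the names HELP_ROOT, help_topic_is_safe and help_build_path and the help directory path are assumptions made for this illustration. The check works per path component rather than by searching for the substring "..": it rejects absolute paths, empty components, and any "." or ".." component, restricts component characters to a small allowlist, and only then joins the topic onto the help directory, checking for truncation.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Assumed help root directory (placeholder, not Gurbalib's real layout). */
#define HELP_ROOT "/mud/lib/doc/help"
#define HELP_PATH_MAX 256

/* Characters permitted inside one path component of a help topic. */
static bool allowed_char(unsigned char c)
{
    return isalnum(c) || c == '_' || c == '-' || c == '.';
}

/* Return true if topic is a safe relative path: non-empty, not absolute,
 * no empty, "." or ".." components, and only allowed characters.
 * Subdirectory topics such as "commands/look" are accepted. */
bool help_topic_is_safe(const char *topic)
{
    if (topic == NULL || topic[0] == '\0' || topic[0] == '/')
        return false;                               /* empty or absolute path */

    const char *start = topic;                      /* start of current component */
    for (const char *p = topic; ; p++) {
        if (*p == '/' || *p == '\0') {
            size_t len = (size_t)(p - start);
            if (len == 0)
                return false;                       /* "a//b" or trailing '/' */
            if ((len == 1 && start[0] == '.') ||
                (len == 2 && start[0] == '.' && start[1] == '.'))
                return false;                       /* "." or ".." component */
            if (*p == '\0')
                return true;                        /* every component checked */
            start = p + 1;
        } else if (!allowed_char((unsigned char)*p)) {
            return false;                           /* backslash, space, control chars, ... */
        }
    }
}

/* Build the full file path for a topic. Returns false (and leaves out empty)
 * when the topic is unsafe or the result would not fit in out. */
bool help_build_path(const char *topic, char *out, size_t out_len)
{
    if (out_len > 0)
        out[0] = '\0';
    if (!help_topic_is_safe(topic))
        return false;

    int n = snprintf(out, out_len, "%s/%s", HELP_ROOT, topic);
    if (n < 0 || (size_t)n >= out_len) {
        if (out_len > 0)
            out[0] = '\0';                          /* truncated: never use a partial path */
        return false;
    }
    return true;
}

int main(void)
{
    /* Constructed sample inputs: two legitimate topics and three traversal attempts. */
    const char *samples[] = {
        "look", "commands/look", "../../etc/passwd", "/etc/passwd", "commands/../../secure/admin"
    };
    char path[HELP_PATH_MAX];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (help_build_path(samples[i], path, sizeof path))
            printf("ALLOW  %-28s -> %s\n", samples[i], path);
        else
            printf("REJECT %s\n", samples[i]);
    }
    return 0;
}
```

Rejecting by component rather than by substring matters in both directions: "../x" and "commands/../../secure/admin" are refused even though each component on its own looks harmless, while a legitimate topic name containing dots (for example "foo.txt") is still accepted. The truncation check in help_build_path prevents a long topic from silently producing a different, shorter path than intended.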

🧯 If You Can't Patch

  • Implement strict file permissions on sensitive directories and configuration files
  • Use application firewalls or WAF rules to block directory traversal patterns

🔍 How to Verify

Check if Vulnerable:

Test whether the help command accepts '../' sequences by attempting to read /etc/passwd or a similar sensitive file

Check Version:

Check the Gurbalib version or build date to confirm it is after 2020-04-30

Verify Fix Applied:

Attempt the same directory traversal after patching to confirm it's blocked

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns from help command
  • Failed attempts to access sensitive paths

Network Indicators:

  • N/A - This is a local command execution vulnerability

SIEM Query:

search 'help command' AND ('..' OR '../' OR directory traversal)
