CVE-2020-14352

CVSS v3.1 Base Score: 8.0 HIGH

📋 TL;DR

CVE-2020-14352 is a directory traversal flaw in librepo before 1.12.1. librepo's repository metadata fetch code did not sanitize the location_href paths listed in a repository's repomd.xml before joining them to the download directory, so a repository controlled by an attacker (or metadata tampered with in transit when repo_gpgcheck is off) can make the client write the fetched file to an arbitrary path outside the intended directory. Because librepo usually runs inside dnf as root, this is an arbitrary file write as root and can lead to full system compromise. The primary risk is to hosts that pull from untrusted third-party repositories or from mirrors over unauthenticated HTTP.

💻 Affected Systems

Products:
  • librepo
Versions: All upstream versions before 1.12.1 (distribution packages may carry a backported fix under an older version number; check the package changelog or your vendor's advisory)
Operating Systems: Linux distributions using librepo (RHEL, Fedora, CentOS, openSUSE)
Default Config Vulnerable: ✅ No
Notes: Only exploitable when the host fetches metadata from a repository the attacker controls or can tamper with in transit. Disabled repositories, and repositories whose metadata comes from a trusted source, are not a risk. The URL scheme (http, https or file) does not matter; the content of repomd.xml does.

📦 What is this software?

librepo is a C library (with Python bindings) for downloading Linux repository metadata and packages. dnf, PackageKit and other rpm-based tooling use it to fetch a repository's repomd.xml and the files it references. The vulnerable code path is the one that resolves the location hrefs listed in repomd.xml to paths under the destination directory.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise. The fetched file is written with the privileges of the process using librepo, which is root when dnf runs as root, so an attacker can overwrite files such as /etc/passwd or /etc/shadow, or drop a script under /etc/cron.d, and obtain code execution as root.

🟠

Likely Case

Arbitrary file write at the privilege of the dnf/yum process, corrupting or replacing files outside the repository cache. Without a carefully chosen target this shows up as data corruption or a broken package manager; with one it is privilege escalation.

🟢

If Mitigated

No impact when every configured repository is trusted, fetched over HTTPS, and its metadata signature is verified (repo_gpgcheck=1), so that neither the repository owner nor a man-in-the-middle can supply malicious metadata.

🌐 Internet-Facing: MEDIUM - The attacker must control (or intercept) a repository the host connects to, but hosts poll their configured repositories automatically (dnf-makecache timers, dnf-automatic, PackageKit), so once a bad repository is configured no interactive user action is needed.
🏢 Internal Only: LOW - Typically requires someone to have added a malicious repository source, or an internal mirror to have been compromised.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires serving malicious repository metadata to a target that trusts and fetches that repository. The flaw itself is a plain path traversal: a location href in repomd.xml such as ../../../etc/... is joined to the destination directory without validation, so the downloaded file lands wherever the relative path points.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.12.1 and later upstream; distribution builds may ship the fix as a backport under an older version string, so follow your vendor's advisory.

Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=1866498

Restart Required: No reboot. Processes that already have librepo loaded (for example packagekitd) keep using the old library until they are restarted.

Instructions:

1. Update the librepo package with your distribution's package manager.
2. RHEL/CentOS 7: yum update librepo
3. RHEL/CentOS 8 and Fedora: dnf update librepo
4. openSUSE: zypper update librepo
5. Restart any long-running process that links librepo (for example packagekitd) so it picks up the fixed library.

🔧 Temporary Workarounds

Disable untrusted repositories

Remove or disable any third-party repository you do not fully trust, and keep it disabled until librepo is patched. The commands below are for yum; on dnf-based systems the equivalents are dnf repolist --all and dnf config-manager --set-disabled <repo-id> (the latter from dnf-plugins-core).

# Check configured repositories
yum repolist all
# Disable specific repository
yum-config-manager --disable <repo-id>

Use local or verified repositories only

Point baseurl at a mirror you control (file:// or an internal HTTPS host) whose metadata was obtained from a trusted source, and set repo_gpgcheck=1 for repositories that publish a signed repomd.xml so that tampered metadata is rejected before its location paths are used. A file:// repository is not inherently safe: the unsanitized path is read from the metadata itself, so only the trustworthiness of that metadata matters.

# Configure local repository in /etc/yum.repos.d/
# Example local repo file with baseurl=file:///path/to/local/repo

🧯 If You Can't Patch

  • Only use trusted, verified repositories from official sources; remove or disable everything else.
  • Fetch repositories over HTTPS and set repo_gpgcheck=1 where the repository signs its repomd.xml, so metadata tampered with in transit is rejected before librepo uses its location paths. This does not protect against a malicious repository owner, who signs their own metadata.
  • Implement strict network controls (egress filtering or a proxy allow-list) so package managers can reach only approved repository hosts.
  • Watch for repositories that suddenly fail to load, and inspect their cached repomd.xml for location hrefs that leave the repository directory.

🔍 How to Verify

Check if Vulnerable:

Check the installed librepo version with rpm -q librepo (librepo is a shared library and has no command-line tool, so there is no librepo --version). If the version is earlier than 1.12.1 and the package changelog does not record a CVE-2020-14352 fix, the system is vulnerable. Distributions such as RHEL and CentOS backport fixes without changing the upstream version number, so the changelog check matters.

Check Version:

rpm -q librepo
rpm -q --changelog librepo | grep -i CVE-2020-14352

Verify Fix Applied:

Confirm that librepo is 1.12.1 or later, for example with rpm -q --qf '%{VERSION}\n' librepo, or that the changelog lists the CVE-2020-14352 fix. Do not grep for the literal string 1.12.1: a later version such as 1.12.2 would then look unpatched.
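
The following POSIX shell script is an added example (my own, not part of this page or of the librepo project) that turns the version check above into something scriptable across a fleet. It treats a librepo older than 1.12.1 as vulnerable unless the package changelog records the CVE-2020-14352 fix, which is how RHEL and CentOS ship backports; the rpm command lines are real, the function names and the version comparison are my own and handle only dotted numeric versions.

```shell
#!/bin/sh
# Added example: fleet-friendly check for CVE-2020-14352 (not librepo project code).
# Compares dotted numeric versions in pure POSIX sh so it does not depend on
# sort -V or rpmdev-vercmp being installed. Use rpmdev-vercmp for full RPM
# version semantics (epochs, tildes, alphabetic segments).

# version_lt A B: succeed (return 0) when A sorts before B, e.g. 1.11.0 < 1.12.1.
# Missing trailing components are treated as 0, so 1.12 < 1.12.1.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; bi=${b%%.*}
        ai=${ai:-0};  bi=${bi:-0}
        [ "$ai" -lt "$bi" ] && return 0
        [ "$ai" -gt "$bi" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# librepo_vulnerable VERSION CHANGELOG: succeed when the package looks vulnerable.
# VERSION is the rpm %{VERSION} tag (e.g. "1.11.0"), CHANGELOG the rpm changelog text.
librepo_vulnerable() {
    ver=$1
    changelog=$2
    # Upstream fix: 1.12.1 and later are not affected.
    version_lt "$ver" 1.12.1 || return 1
    # Distributions backport the fix without bumping the version; the changelog
    # entry naming the CVE is the reliable signal in that case.
    case $changelog in *CVE-2020-14352*) return 1 ;; esac
    return 0
}

# check_installed_librepo: run on a real host. Prints a verdict and returns
# 0 = patched, 1 = vulnerable, 2 = librepo not installed (or rpm unavailable).
check_installed_librepo() {
    if ! command -v rpm >/dev/null 2>&1 || ! rpm -q librepo >/dev/null 2>&1; then
        echo "librepo: not installed (or rpm not available)"
        return 2
    fi
    # head -n 1 copes with multilib hosts that have more than one librepo arch installed
    ver=$(rpm -q --qf '%{VERSION}\n' librepo | head -n 1)
    log=$(rpm -q --changelog librepo)
    if librepo_vulnerable "$ver" "$log"; then
        echo "librepo $ver: VULNERABLE to CVE-2020-14352 (update to 1.12.1+ or a backported build)"
        return 1
    fi
    echo "librepo $ver: patched"
    return 0
}

# Usage on a host: sh check-librepo.sh --run
[ "${1:-}" = "--run" ] && check_installed_librepo
```

Run it with --run on each host, or feed the exit code into your inventory tooling; the pure functions can also be unit-tested offline with sample version strings and changelog text.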

📡 Detection & Monitoring

Log Indicators:

  • Files created or modified outside the package manager's working directories (/var/cache/dnf, /var/cache/yum, /var/lib/dnf, /var/lib/rpm) by a dnf, yum or PackageKit process during a metadata refresh, as recorded by auditd or file-integrity monitoring.
  • Repository refresh failures that start right after librepo is updated: a patched librepo rejects metadata whose location path escapes the destination directory, so a repository that suddenly stops loading may be serving malicious metadata.
  • Cached repomd.xml files (for example /var/cache/dnf/*/repodata/repomd.xml) containing <location href="..."> values that start with / or include a .. path component.

Network Indicators:

  • Connections to repository hosts or mirrors that are not on the approved list, especially over plain HTTP.
  • Metadata refreshes that fetch more, or differently named, files than the repository's normal repodata/ set.

SIEM Query:

Illustrative query over file-write telemetry (auditd or EDR); adjust the field names to your schema and scope it to metadata refreshes, since a package transaction legitimately writes across the filesystem (dnf may also appear as a python3 process, so match on the command line if needed):

(process_name="dnf" OR process_name="yum" OR process_name="packagekitd") AND event_type="file_write" AND NOT (file_path="/var/cache/dnf/*" OR file_path="/var/cache/yum/*" OR file_path="/var/lib/dnf/*" OR file_path="/var/lib/rpm/*" OR file_path="/var/log/*")
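
As an added detection example (my own script, not from this page or the librepo project), the following POSIX shell scans repomd.xml files for location hrefs that would escape the repository directory, which is exactly the data a vulnerable librepo trusted. It embeds a constructed repomd.xml with one benign look-alike and two malicious entries so it runs offline; the hunt_cached_repomd wrapper applies the same check to the real dnf and yum caches. File and function names are illustrative.

```shell
#!/bin/sh
# Added example: hunt for traversal attempts in cached repomd.xml metadata.
# Not librepo project code; the sample metadata below is constructed.

# path_escapes PATH: succeed when PATH is absolute or contains a ".." component,
# i.e. when joining it to a destination directory could leave that directory.
# Only a whole ".." component counts; "comps..xml" is a legitimate file name.
path_escapes() {
    p=$1
    case $p in /*) return 0 ;; esac
    set -f                       # no globbing while we split on '/'
    old_ifs=$IFS; IFS=/
    set -- $p
    IFS=$old_ifs; set +f
    for component in "$@"; do
        [ "$component" = .. ] && return 0
    done
    return 1
}

# unsafe_hrefs FILE: print every <location href="..."> in FILE whose path escapes.
# repomd.xml normally has one <location> per line, which is what the sed expects.
unsafe_hrefs() {
    sed -n 's/.*<location[^>]*href="\([^"]*\)".*/\1/p' "$1" |
    while IFS= read -r href; do
        if path_escapes "$href"; then
            printf '%s\n' "$href"
        fi
    done
}

# hunt_cached_repomd: apply the check to the package manager caches on a live host.
# dnf keeps /var/cache/dnf/<repo>-<hash>/repodata/repomd.xml; yum keeps its own
# copies under /var/cache/yum. Prints "file: href" for every suspicious entry.
hunt_cached_repomd() {
    find /var/cache/dnf /var/cache/yum -name repomd.xml 2>/dev/null |
    while IFS= read -r f; do
        unsafe_hrefs "$f" | while IFS= read -r h; do
            printf '%s: %s\n' "$f" "$h"
        done
    done
}

# make_sample_repomd: write a constructed repomd.xml (not real repository data)
# with two benign and two malicious locations; prints the file path.
make_sample_repomd() {
    f=${TMPDIR:-/tmp}/cve-2020-14352-sample-repomd.xml
    cat >"$f" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<repomd xmlns="http://linux.duke.edu/metadata/repo">
  <revision>1600000000</revision>
  <data type="primary">
    <location href="repodata/0a1b-primary.xml.gz"/>
  </data>
  <data type="group">
    <location href="repodata/comps..xml"/>
  </data>
  <data type="filelists">
    <location href="../../../etc/cron.d/backdoor"/>
  </data>
  <data type="other">
    <location href="/etc/profile.d/evil.sh"/>
  </data>
</repomd>
EOF
    printf '%s\n' "$f"
}

# Demo: unsafe_hrefs "$(make_sample_repomd)" prints the two escaping hrefs.
# On a real host: hunt_cached_repomd
```

Any hit from hunt_cached_repomd is worth treating as an incident: a legitimate repository never needs an absolute path or a .. component in repomd.xml, and the cached copy tells you which repository served it.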

🔗 References

  • Red Hat Bugzilla 1866498: https://bugzilla.redhat.com/show_bug.cgi?id=1866498
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2020-14352
  • librepo upstream: https://github.com/rpm-software-management/librepo