Fedora Repository Path Traversal Vulnerability in Archive Extraction

Vulnerability

A path traversal vulnerability has been identified in Fedora Repository versions 3.8.1 and prior: an authenticated attacker can exploit a 'Zip Slip' flaw in the extraction of uploaded archives, so that archive entries are written outside the intended extraction directory. This allows arbitrary JSP files to be placed in executable locations, where they are then reachable via unauthenticated GET requests. Separately, Fedora Repository 3.8.x ships a service account with default credentials that can be used to read local files by manipulating datastreams.
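The check that closes this class of bug, shown here as an added example rather than Fedora Repository's own code: each archive entry name is resolved against the destination directory and any entry that would land outside it (a '../' escape or an absolute name) is refused, while the remaining entries are extracted normally. The sample archive and its entry names are constructed for the demonstration.

```python
import io
import os
import tempfile
import zipfile
from typing import Dict, List, Tuple

def is_safe_member(dest_dir: str, member_name: str) -> bool:
    """True only if member_name, resolved against dest_dir, stays inside dest_dir."""
    dest = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(dest, member_name))
    # Accept the directory itself or anything strictly below it; this rejects
    # '../' escapes and absolute names (os.path.join drops dest for those).
    return target == dest or target.startswith(dest + os.sep)

def safe_extract(archive_bytes: bytes, dest_dir: str) -> Tuple[List[str], List[str]]:
    """Extract into dest_dir, skipping traversal entries. Returns (written, rejected)."""
    written, rejected = [], []
    dest = os.path.realpath(dest_dir)
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")  # some writers use backslashes
            if not is_safe_member(dest, name):
                rejected.append(info.filename)  # log-and-skip; a strict policy would abort
                continue
            out_path = os.path.join(dest, name)
            if info.is_dir():
                os.makedirs(out_path, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(out_path), exist_ok=True)
            with zf.open(info) as src, open(out_path, "wb") as dst:
                dst.write(src.read())
            written.append(info.filename)
    return written, rejected

def build_sample_archive() -> bytes:
    """Constructed test archive: one benign entry and two entries that try to escape."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "benign content")
        zf.writestr("../../escaped.jsp", "<%-- would land outside dest --%>")
        zf.writestr("/abs/escaped.jsp", "<%-- absolute path also rejected --%>")
    return buf.getvalue()

def demo() -> Dict[str, object]:
    """Run the safe extraction into a fresh temporary directory and report what happened."""
    dest = tempfile.mkdtemp(prefix="extract-")
    written, rejected = safe_extract(build_sample_archive(), dest)
    with open(os.path.join(dest, "docs", "readme.txt"), encoding="utf-8") as f:
        content = f.read()
    return {"written": written, "rejected": sorted(rejected), "readme": content}
```

Note that `zipfile.ZipFile.extract` already sanitizes names, so the bug class arises in code that opens entries and writes `info.filename` itself; the check above is for that case.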

Impact

Exploitation of this vulnerability could lead to unauthorized file access and execution of arbitrary commands with the privileges of the Java web application server.

Remediation

Users are advised to migrate to a currently supported version of Fedora Repository, such as 6.5.1.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

  spread          0.0
  impact         10.0
  exploitability  5.9
  remediation     0.0
  relevance       0.0
  threat          3.2
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to produce these eight category scores, which are then combined into the overall risk score.