CVE-2020-27534: Path Traversal in Moby builder

CVSS Score (v3.1): 5.3

Basic Information

EPSS Score: 0.72539%
Published: 1/31/2024
Updated: 4/22/2024
KEV Status: No
Technology: Go

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Package Name              | Ecosystem | Vulnerable Versions | First Patched Version
--------------------------|-----------|---------------------|----------------------
github.com/moby/moby      | go        | < 19.03.9           | 19.03.9
github.com/docker/docker  | go        | < 19.03.9           | 19.03.9

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from insecure temporary file handling in Docker's binfmt_misc check implementation. The key vulnerable function is identified as checkBinfmtMisc in util/binfmt_misc/check.go, where:

  1. ioutil.TempDir was called with an empty first (parent directory) argument, so the temporary directory was created under os.TempDir(), that is $TMPDIR or /tmp, rather than under a directory the daemon controls
  2. The path derived from that directory was passed to os.OpenFile without verifying that it still resolved inside the intended location, and without O_EXCL, so a pre-existing entry at that path would be reused
  3. This pattern matches the CVE description of a 'potentially unsafe qemu-check temporary pathname'
  4. The patch (moby/moby#40877) would have changed this TempDir call so the directory is no longer created under the system default temp location
  5. This function would appear in runtime profiles during binfmt_misc checks when processing container architectures
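The two halves of the pattern described above, as an added example that is not moby or buildkit code: an `unsafeWriteCheckBinary` that mirrors the advisory's `ioutil.TempDir("", ...)` plus `os.OpenFile` sequence, next to a `hardenedWriteCheckBinary` that keeps the directory under a caller-supplied root, checks that the resulting path still resolves inside that root, and creates the file with O_EXCL. All function names, the `./example-daemon-root` directory and the shell-script payload are assumptions made for the illustration; the real check writes a decompressed qemu binary and executes it.

```go
package main

// Added example for CVE-2020-27534, not code from the moby tree. Names and
// paths below are illustrative assumptions.

import (
	"fmt"
	"io/ioutil"
	"os"
	"path/filepath"
	"strings"
)

// unsafeWriteCheckBinary reproduces the advisory's pattern. An empty first
// argument makes ioutil.TempDir defer to os.TempDir(), i.e. $TMPDIR (or /tmp
// when unset), and O_CREATE without O_EXCL reuses whatever already sits at pp.
func unsafeWriteCheckBinary(payload []byte) (string, error) {
	tmpdir, err := ioutil.TempDir("", "qemu-check")
	if err != nil {
		return "", err
	}
	pp := filepath.Join(tmpdir, "check")
	f, err := os.OpenFile(pp, os.O_CREATE|os.O_WRONLY, 0o700)
	if err != nil {
		return "", err
	}
	defer f.Close()
	_, err = f.Write(payload)
	return pp, err
}

// ensureInside rejects p unless it lies under root, first lexically and then
// after resolving symlinks in p's parent directory.
func ensureInside(root, p string) error {
	rel, err := filepath.Rel(root, p)
	if err != nil {
		return err
	}
	sep := string(filepath.Separator)
	if rel == ".." || strings.HasPrefix(rel, ".."+sep) {
		return fmt.Errorf("path %q escapes root %q", p, root)
	}
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return err
	}
	realParent, err := filepath.EvalSymlinks(filepath.Dir(p))
	if err != nil {
		return err
	}
	if realParent != realRoot && !strings.HasPrefix(realParent, realRoot+sep) {
		return fmt.Errorf("parent of %q resolves outside root %q", p, root)
	}
	return nil
}

// createCheckFile creates dir/check with O_EXCL: a file or symlink planted
// there ahead of time makes the open fail instead of being followed or reused.
func createCheckFile(dir string, payload []byte) (string, error) {
	pp := filepath.Join(dir, "check")
	f, err := os.OpenFile(pp, os.O_CREATE|os.O_EXCL|os.O_WRONLY, 0o700)
	if err != nil {
		return "", err
	}
	if _, err := f.Write(payload); err != nil {
		f.Close()
		return "", err
	}
	return pp, f.Close()
}

// hardenedWriteCheckBinary places the temporary directory under root (for a
// daemon, its own 0700 state directory instead of the shared /tmp), verifies
// the path stays inside root, and creates the file exclusively.
func hardenedWriteCheckBinary(root string, payload []byte) (string, error) {
	root, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	if err := os.MkdirAll(root, 0o700); err != nil {
		return "", err
	}
	tmpdir, err := os.MkdirTemp(root, "qemu-check")
	if err != nil {
		return "", err
	}
	if err := ensureInside(root, filepath.Join(tmpdir, "check")); err != nil {
		os.RemoveAll(tmpdir)
		return "", err
	}
	pp, err := createCheckFile(tmpdir, payload)
	if err != nil {
		os.RemoveAll(tmpdir)
		return "", err
	}
	return pp, nil
}

func main() {
	payload := []byte("#!/bin/sh\nexit 0\n") // constructed stand-in for the qemu binary
	p1, err := unsafeWriteCheckBinary(payload)
	if err == nil {
		fmt.Println("default temp location (follows $TMPDIR):", p1)
		os.RemoveAll(filepath.Dir(p1))
	}
	root := "./example-daemon-root" // assumption: stand-in for a private daemon directory
	p2, err := hardenedWriteCheckBinary(root, payload)
	if err == nil {
		fmt.Println("hardened location:", p2)
		os.RemoveAll(root)
	}
}
```

Running the block with TMPDIR exported to a different directory shows the first path move while the second stays under the chosen root; the O_EXCL open is what turns a planted `check` entry into an error rather than an executed file.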

Vulnerable functions

Only Miggo users can see this section.

WAF Protection Rules

WAF Rule

util/binfmt_misc/check.go in builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call.
