Unrated severityNVD Advisory· Published Apr 30, 2019· Updated Sep 17, 2024

Rapid7 Metasploit Framework Zip Import Directory Traversal

CVE-2019-5624

Description

Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit. This issue affects: Rapid7 Metasploit Framework version 4.14.0 and prior versions.

Affected products

Rapid7/Metasploit Frameworkcpe-rescue
Range: 4.14.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.doyensec.com/2019/04/24/rubyzip-bug.htmlmitrex_refsource_MISC
github.com/rapid7/metasploit-framework/pull/11716mitrex_refsource_CONFIRM
help.rapid7.com/metasploit/release-notes/archive/2019/04/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000