Plattform
python
Komponente
koji
Behoben in
1.15.1
CVE-2018-1002150 describes a critical access control vulnerability affecting Koji, a build system for RPM packages. This flaw allows an attacker to gain arbitrary filesystem read and write access, potentially leading to complete system compromise. The vulnerability impacts Koji versions 1.12, 1.13, 1.14, and 1.15. A fix is available in versions 1.12.1, 1.13.1, 1.14.1, and 1.15.1.
The impact of this vulnerability is severe. An attacker exploiting CVE-2018-1002150 can read and write any file on the system where Koji is running, effectively gaining full control. This could involve stealing sensitive data (passwords, API keys, source code), modifying system files, installing malware, or pivoting to other systems on the network. The ability to write files allows for persistent backdoors and complete compromise of the build environment. This vulnerability is particularly concerning given Koji's role in managing build artifacts, which could be maliciously altered and distributed.
CVE-2018-1002150 was publicly disclosed on July 12, 2018. While no active exploitation campaigns have been definitively linked to this CVE, the critical severity and ease of exploitation make it a potential target. There are publicly available proof-of-concept exploits demonstrating the arbitrary file read/write capability. The vulnerability is not currently listed on CISA KEV.
Organizations using Koji to manage RPM packages, particularly those running older, unpatched versions (≤1.15.0), are at significant risk. Shared hosting environments where Koji instances are deployed alongside other applications are also vulnerable, as a compromise of Koji could potentially impact other services.
• linux / server:
journalctl -u koji | grep -i "access denied"• python:
import os
# Check for unusual file permissions in Koji's data directory
for root, dirs, files in os.walk('/path/to/koji/data'): # Replace with actual path
for file in files:
filepath = os.path.join(root, file)
if os.access(filepath, os.W_OK):
print(f"Warning: Writeable file found: {filepath}")disclosure
Exploit-Status
EPSS
0.30% (53% Perzentil)
CVSS-Vektor
The primary mitigation is to upgrade Koji to a patched version (1.12.1, 1.13.1, 1.14.1, or 1.15.1). If an immediate upgrade is not possible due to compatibility issues or downtime constraints, consider implementing stricter filesystem permissions around the Koji data directory to limit the potential impact of a successful exploit. Review and restrict user access to the Koji system, ensuring only authorized personnel have access. Monitor Koji logs for suspicious activity, particularly attempts to access files outside of expected directories. Consider implementing a Web Application Firewall (WAF) to filter requests and block attempts to exploit the vulnerability, although this is not a substitute for patching.
Kein offizieller Patch verfügbar. Prüfe auf Workarounds oder überwache auf Updates.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2018-1002150 is a critical vulnerability in Koji versions 1.12, 1.13, 1.14, and 1.15 that allows attackers to read and write any file on the system due to flawed access controls.
You are affected if you are running Koji versions 1.12, 1.13, 1.14, or 1.15 (≤1.15.0).
Upgrade Koji to version 1.15.1 or later (1.12.1, 1.13.1, or 1.14.1 are also fixes).
While no confirmed active exploitation campaigns are publicly known, the vulnerability's severity and ease of exploitation make it a potential target.
Refer to the Koji project's security advisories for details: https://koji.org/security/
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Lade deine requirements.txt-Datei hoch und wir sagen dir sofort, ob du betroffen bist.