I was in charge of integration testing to deliver Security Advisory RHSA-2020:3658 (the CVE-2020-14352 fix) to Red Hat Enterprise Linux customers, publicly released on 8 Sep 2020.
Red Hat Product Security has rated this update as having a security impact of Important.
Security fix:
- librepo: missing path validation in repomd.xml may lead to directory traversal (CVE-2020-14352)
Common Vulnerability Scoring System (CVSS) v3 Score Details:
- Red Hat: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
- NVD: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H