I was in charge of integration test to deliver to Red Hat Enterprise Linux customers Security Advisory RHSA-2020:3658 (CVE-2020-14352 fix) public released on 8 Sep 2020.
Red Hat Product Security has rated this update as having a security impact of Important.
Security fix:
librepo: missing path validation in repomd.xml may lead to directory traversal (CVE-2020-14352) Common Vulnerability Scoring System (CVSS) v3 Score Details:
Red Hat: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H NVD: CVSS:3.
...Read More