Vulnerability Description
SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sphinxsearch | Sphinx | <= 3.1.1 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- https://blog.wirhabenstil.de/2019/08/19/sphinxsearch-0-0-0-09306-cve-2019-14511/ExploitThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2022/01/msg00009.htmlMailing ListThird Party Advisory
- https://security-tracker.debian.org/tracker/CVE-2020-29050Third Party Advisory
- https://blog.wirhabenstil.de/2019/08/19/sphinxsearch-0-0-0-09306-cve-2019-14511/ExploitThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2022/01/msg00009.htmlMailing ListThird Party Advisory
- https://security-tracker.debian.org/tracker/CVE-2020-29050Third Party Advisory
FAQ
What is CVE-2020-29050?
CVE-2020-29050 is a vulnerability with a CVSS score of 7.5 (HIGH). SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations...
How severe is CVE-2020-29050?
CVE-2020-29050 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-29050?
Check the references section above for vendor advisories and patch information. Affected products include: Sphinxsearch Sphinx, Debian Debian Linux.