VDB
CVE-2020-29050
CVE-2020-29050
PUBLISHED
SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx.
EPSS 0.71% · 72.6th percentile
Risk Scores
EPSS Score
0.71%
72.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | sphinxsearch | 0, 2.2.11-2 |
| Ubuntu:20.04:LTS | sphinxsearch | 0, 2.2.11-2ubuntu1, 2.2.11-2build1 |
| Ubuntu:22.04:LTS | sphinxsearch | 2.2.11-2ubuntu2, 2.2.11-8, 0 |
| Ubuntu:16.04:LTS | sphinxsearch | 2.2.9-1build1, 2.2.9-1, 2.0.4-1.1ubuntu2 |
Exploit Intelligence
Timeline
- Jan 7, 2022 EPSS Score
- Jan 7, 2022 CVE Published
- Mar 2, 2022 EPSS Score
- Apr 24, 2022 EPSS Score
- Aug 10, 2022 EPSS Score
- Oct 3, 2022 EPSS Score
- Nov 25, 2022 EPSS Score
- Jan 18, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 12, 2023 EPSS Score
- Jun 28, 2023 EPSS Score
- Aug 20, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-29050 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-29050 third-party-advisory