What is CVE-2020-7376?

CVE-2020-7376 is a high-severity vulnerability in Rapid7 Metasploit Framework, classified under Relative Path Traversal. CVSS score: 7.1/10. Published 2020-08-24.

How severe is CVE-2020-7376?

High severity. CVSS v3 base score is 7.1 out of 10.

Path Traversal in Rapid7 Metasploit Framework

CVE-2020-7376

The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesys…

EPSS: 0.003 (55.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H.

Affected products

Rapid7 Metasploit Framework — versions 4.11.7, 6.0.3

Weakness classification (CWE)

CWE-23 — Relative Path Traversal

References

github.com/rapid7/metasploit-framework/issues/14008 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-7376?: CVE-2020-7376 is a high-severity vulnerability in Rapid7 Metasploit Framework, classified under Relative Path Traversal. CVSS score: 7.1/10. Published 2020-08-24.
How severe is CVE-2020-7376?: High severity. CVSS v3 base score is 7.1 out of 10.