CVE-2020-7063 : Security Advisory and Response

Learn about CVE-2020-7063, which affects PHP 7.2.x before 7.2.28, 7.3.x before 7.3.15 and 7.4.x before 7.4.3: files added to a tar archive with Phar::buildFromIterator() are stored with all-access permissions instead of the permissions they had on disk.

PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15, and 7.4.x below 7.4.3 are affected by a vulnerability where files added to a tar archive using Phar::buildFromIterator() are stored with the default entry mode 0666 (read and write for every user) even when the source files on disk were more restrictive. When such an archive is extracted, the extracted files can end up with laxer permissions than their originals.

Understanding CVE-2020-7063

This CVE covers a bug in PHP's phar extension that causes files to be recorded in a tar-based PHAR archive with broader permissions than the files they were built from.

What is CVE-2020-7063?

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15, and 7.4.x below 7.4.3, PharData::buildFromIterator() (inherited from Phar::buildFromIterator()) adds each file to the archive with the default entry mode rather than the mode of the source file. Files that were readable only by their owner on disk are therefore stored, and later extracted, as readable and writable by everyone.

The Impact of CVE-2020-7063

        CVSS Base Score: 5.5 (Medium)
        Attack Vector: Local
        Confidentiality Impact: High
        User Interaction: Required
        The impact is on confidentiality: a local user on a host where such an archive is extracted can read files the archive owner meant to keep private, such as configuration files holding credentials. The bug does not give an attacker code execution; it only widens the permissions of files the archive legitimately contains.

Technical Details of CVE-2020-7063

This section provides more in-depth technical insights into the vulnerability.

Vulnerability Description

When a tar archive is built with PharData::buildFromIterator(), the permission bits stored for each entry are not copied from the source file; every file is recorded with the default mode 0666. Extraction honours the stored mode, so a file that was 0600 on the build host becomes world-readable and world-writable on the host where the archive is unpacked.

Affected Systems and Versions

        PHP 7.2.x below 7.2.28
        PHP 7.3.x below 7.3.15
        PHP 7.4.x below 7.4.3

Exploitation Mechanism

No special trigger is needed: any archive produced with PharData::buildFromIterator() on an affected PHP version carries the lax modes. An attacker with a local account on the system where the archive is extracted simply reads (or, since the mode is 0666, modifies) the extracted files that should have been restricted to their owner. Archives built on a vulnerable version remain vulnerable after PHP is upgraded, so existing archives that carry sensitive files need to be rebuilt or have their entry modes corrected.

Mitigation and Prevention

To address CVE-2020-7063, follow these mitigation strategies:

Immediate Steps to Take

        Upgrade to PHP 7.2.28, 7.3.15 or 7.4.3 (or later) and rebuild archives that contain sensitive files.
        Where an upgrade is not yet possible, set the intended mode on each entry explicitly with PharFileInfo::chmod() after building, or compose the archive with other Phar methods such as addFile() and then verify the stored modes rather than assuming them.
        On the consuming side, reset permissions with chmod() after PharData::extractTo() for any file that must not be world-readable, instead of trusting the modes carried in the archive.
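The following script is an added example and is not code from the advisory or from the PHP project. It illustrates both the vulnerability description above and the immediate mitigation steps: it builds a tar archive with PharData::buildFromIterator() from two constructed files (one 0644, one 0600), compares the mode stored for each entry with the on-disk mode of its source, restores the source mode with PharFileInfo::chmod() wherever the archive grants bits the source never had, and finally extracts the archive and re-applies the intended mode to the sensitive file. On an unpatched PHP the stored mode is 0666 for both entries, so both are reported as widened; on a patched PHP nothing is reported and the chmod() calls are no-ops. Directory and file names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example (not the advisory's or PHP's own code). Paths are hypothetical.
$srcDir  = sys_get_temp_dir() . '/phar-src-' . getmypid();
$archive = sys_get_temp_dir() . '/build-' . getmypid() . '.tar';
$dest    = sys_get_temp_dir() . '/phar-out-' . getmypid();

// Constructed input: one public file and one owner-only secret.
mkdir($srcDir, 0700, true);
file_put_contents("$srcDir/README.txt", "public\n");
chmod("$srcDir/README.txt", 0644);
file_put_contents("$srcDir/config.ini", "db_password=hunter2\n");
chmod("$srcDir/config.ini", 0600);

// Build a tar exactly the way the vulnerable code path is reached.
// PharData does not require phar.readonly=0, so this runs with default ini settings.
$tar = new PharData($archive);
$tar->buildFromIterator(
    new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($srcDir, FilesystemIterator::SKIP_DOTS)
    ),
    $srcDir   // base directory: entry names become paths relative to $srcDir
);

// Compare the mode recorded for each entry with the mode of its source file.
// Only bits present in the archive but absent on disk count as "widened";
// restoring the on-disk mode rewrites the entry header (PharFileInfo::chmod()).
$widened = [];
$srcFiles = new RecursiveIteratorIterator(
    new RecursiveDirectoryIterator($srcDir, FilesystemIterator::SKIP_DOTS)
);
foreach ($srcFiles as $file) {
    $rel    = substr($file->getPathname(), strlen($srcDir) + 1);
    $onDisk = fileperms($file->getPathname()) & 0777;
    $stored = $tar[$rel]->getPerms() & 0777;   // mode taken from the archive entry
    if ($stored & ~$onDisk) {
        $widened[$rel] = sprintf('%04o -> %04o', $onDisk, $stored);
        $tar[$rel]->chmod($onDisk);              // restore the source mode in the archive
    }
}

if ($widened === []) {
    echo "No entry is more permissive than its source (patched PHP)\n";
} else {
    echo "Entries stored with wider permissions than their source (CVE-2020-7063):\n";
    foreach ($widened as $name => $change) {
        echo "  $name: $change (restored)\n";
    }
}

// Consumer side: do not trust modes carried by an archive for sensitive files.
// Extract, then set the modes you intend.
$tar->extractTo($dest, null, true);
chmod("$dest/config.ini", 0600);
printf("extracted config.ini mode: %04o\n", fileperms("$dest/config.ini") & 0777);
```

Run it once with an affected interpreter (for example PHP 7.4.2) and once with a patched one to see the difference; the comparison is on permission bits only, so the check is independent of the umask in effect on the consuming host. Because the fix is applied to the archive entries before extraction, the corrected archive is also safe to hand to consumers that never run the post-extraction chmod().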

Long-Term Security Practices

        Keep PHP on a supported release line and apply security releases promptly; the fixed versions for this issue are 7.2.28, 7.3.15 and 7.4.3.
        Treat the permission bits inside any archive as untrusted input: verify or reset them after extraction rather than relying on the producer to have recorded them correctly.
        Monitor PHP security advisories to stay informed about new issues in the phar extension and elsewhere.

Patching and Updates

Upgrade to PHP 7.2.28, 7.3.15 or 7.4.3 (or any later release), then rebuild archives that were produced with a vulnerable version, since the lax modes are stored in the archive itself and are not corrected by upgrading the interpreter that later reads it.
