SCA: security update for metasploit-framework (GHSA-xgww-h98f-24qf)

high Tenable Self-Hosted Container Security Plugin ID 431923

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose
Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the
vulnerable Distributed Ruby class functions. Since Metasploit Framework typically runs with elevated
privileges, this can lead to a system compromise on the Metasploit workstation. Note that an attacker
would have to lie in wait and entice the Metasploit user to run the affected module against a malicious
endpoint in a "hack-back" type of attack. Metasploit is only vulnerable when the drb_remote_codeexec
module is running. In most cases, this cannot happen automatically. (CVE-2020-7385)

See Also

https://github.com/advisories/GHSA-xgww-h98f-24qf

Plugin Details

Severity: High

ID: 431923

Version: Revision 1.2

Type: Local

Family: SCA Checks

Published: 8/7/2025

Updated: 1/28/2026

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-7385

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/24/2022

Vulnerability Publication Date: 10/22/2020

Reference Information

CVE: CVE-2020-7385

CWE: CWE-502