7.8
CVE-2015-0796
- EPSS 0.16%
- Veröffentlicht 02.03.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 02:23:43
- Quelle security@opentext.com
- CVE-Watchlists
- Unerledigt
Loginopen build service source server symlink exploitation via source patch
In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break of confinement or cause denial of service attacks on the source service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Opensuse ≫ Open Buildservice Version >= 2.4 < 2.4.8
Opensuse ≫ Open Buildservice Version >= 2.5 < 2.5.7
Opensuse ≫ Open Buildservice Version >= 2.6 < 2.6.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.33 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
| security@opentext.com | 6.3 | 2.8 | 3.4 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
CWE-59 Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.