7.8

CVE-2015-3151

Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.56% 0.421
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151
Third Party Advisory
Issue Tracking
https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3
Patch
Third Party Advisory
https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932
Patch
Third Party Advisory
https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b
Patch
Third Party Advisory
https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277
Patch
Third Party Advisory
https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364
Patch
Third Party Advisory