CVE-2015-3151

Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151	Issue Tracking Third Party Advisory
https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3	Patch Third Party Advisory
https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932	Patch Third Party Advisory
https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b	Patch Third Party Advisory
https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277	Patch Third Party Advisory
https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:automatic_bug_reporting_tool:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-01-14 18:15

Updated : 2024-02-28 17:28

NVD link : CVE-2015-3151

Mitre link : CVE-2015-3151

CVE.ORG link : CVE-2015-3151

JSON object : View

Products Affected

redhat

automatic_bug_reporting_tool

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2015-3151", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-01-14T18:15:10.773", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method."}, {"lang": "es", "value": "Una vulnerabilidad de salto de directorio en abrt-dbus en Automatic Bug Reporting Tool (ABRT), permite a usuarios locales leer, escribir o cambiar la propiedad de archivos arbitrarios por medio de vectores no especificados en el m\u00e9todo (1) NewProblem, (2) GetInfo, (3) SetElement, o (4) DeleteElement."}], "lastModified": "2023-02-13T00:47:45.943", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:automatic_bug_reporting_tool:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A396CA2B-75FF-4BEE-8C0A-89B7C030D1E5"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}