CVE-2015-5313

Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.
Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:libvirt:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-04-11 21:59

Updated : 2024-02-28 15:21


NVD link : CVE-2015-5313

Mitre link : CVE-2015-5313

CVE.ORG link : CVE-2015-5313


JSON object : View

Products Affected

redhat

  • libvirt
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')