CVE-2014-5003

Опубликовано: 10 янв. 2018

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 for Ruby allows local users to write to arbitrary files and gain privileges via a symlink attack on /tmp/perlbrew-installer.

Ссылки

http://www.openwall.com/lists/oss-security/2014/07/07/24
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/07/17/5
Mailing List
Third Party Advisory
http://www.vapid.dhs.org/advisories/ciborg-3.0.0.html
Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/07/07/24
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/07/17/5
Mailing List
Third Party Advisory
http://www.vapid.dhs.org/advisories/ciborg-3.0.0.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ciborg_project:ciborg:3.0.0:*:*:*:*:ruby:*:*

EPSS

Процентиль: 16%

0.00052

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-g982-9r8g-6qxw