CVE-2015-1870

Опубликовано: 26 июн. 2017

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

The event scripts in Automatic Bug Reporting Tool (ABRT) uses world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information from /var/log/messages via unspecified vectors.

Ссылки

http://rhn.redhat.com/errata/RHSA-2015-1083.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-1210.html
http://www.securityfocus.com/bid/75119
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1212868
Issue Tracking
Vendor Advisory
https://github.com/abrt/abrt/commit/7d023c32a565e83306cddf34c894477b7aaf33d1
Patch
Third Party Advisory
https://github.com/abrt/abrt/commit/8939398b82006ba1fec4ed491339fc075f43fc7c
Patch
Third Party Advisory
https://github.com/abrt/libreport/commit/c962918bc70a61a8cc647898ee8b1ff1c14a87c5
Patch
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1083.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-1210.html
http://www.securityfocus.com/bid/75119
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1212868
Issue Tracking
Vendor Advisory
https://github.com/abrt/abrt/commit/7d023c32a565e83306cddf34c894477b7aaf33d1
Patch
Third Party Advisory
https://github.com/abrt/abrt/commit/8939398b82006ba1fec4ed491339fc075f43fc7c
Patch
Third Party Advisory
https://github.com/abrt/libreport/commit/c962918bc70a61a8cc647898ee8b1ff1c14a87c5
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:redhat:automatic_bug_reporting_tool:*:*:*:*:*:*:*:*

Версия до 2.1.11 (включая)

EPSS

Процентиль: 30%

0.00107

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2015-1870

redhat

больше 10 лет назад

GHSA-v6ww-8wv5-ggw9

CVSS3: 5.5

github

больше 3 лет назад

ELSA-2015-1210

oracle-oval

около 10 лет назад

ELSA-2015-1210: abrt security update (MODERATE)

ELSA-2015-1083