CVE-2015-3171

Опубликовано: 25 июл. 2017

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=1218658
Issue Tracking
Patch
Third Party Advisory
https://github.com/sosreport/sos/commit/d7759d3ddae5fe99a340c88a1d370d65cfa73fd6
Issue Tracking
Patch
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1218658
Issue Tracking
Patch
Third Party Advisory
https://github.com/sosreport/sos/commit/d7759d3ddae5fe99a340c88a1d370d65cfa73fd6
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sos_project:sos:3.2:-:*:*:*:*:*:*

EPSS

Процентиль: 12%

0.00039

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2015-3171

CVSS3: 5.5

ubuntu

больше 8 лет назад

sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive.

CVE-2015-3171

redhat

почти 11 лет назад

sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive.

CVE-2015-3171

CVSS3: 5.5

debian

больше 8 лет назад

sosreport 3.2 uses weak permissions for generated sosreport archives, ...

GHSA-gw46-8559-cggp

CVSS3: 5.5

github

больше 3 лет назад

sosreport sensitive information disclosure via weak permissions of the generated archives

EPSS

Процентиль: 12%

0.00039

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200