CVE-2017-8418

Опубликовано: 02 мая 2017

Источник: nvd

CVSS3: 3.3

CVSS2: 2.1

EPSS Низкий

Описание

RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users.

Ссылки

http://www.openwall.com/lists/oss-security/2017/05/01/14
Exploit
Mailing List
Third Party Advisory
https://github.com/bbatsov/rubocop/issues/4336
Exploit
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/05/01/14
Exploit
Mailing List
Third Party Advisory
https://github.com/bbatsov/rubocop/issues/4336
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rubocop_project:rubocop:*:*:*:*:*:*:*:*

Версия до 0.48.1 (включая)

EPSS

Процентиль: 20%

0.00063

Низкий

3.3 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-668

Связанные уязвимости

CVE-2017-8418

CVSS3: 3.3

ubuntu

почти 9 лет назад

RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users.

CVE-2017-8418

CVSS3: 3.3

debian

почти 9 лет назад

RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing loc ...

GHSA-wmjf-jpjj-9f3j

CVSS3: 3.3

github

около 8 лет назад

RuboCop gem Insecure use of /tmp

EPSS

Процентиль: 20%

0.00063

Низкий

3.3 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-668