Описание
FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402.
Отчет
Not vulnerable. This issue did not affect the versions of python-jinja2 as shipped with Red Hat Enterprise Linux 6 as it did not include the patch that introduced this flaw.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | python-jinja2 | Not affected | ||
| Red Hat Enterprise Linux 7 | python-jinja2 | Not affected | ||
| Red Hat OpenStack Platform 4 | python-jinja2-26 | Not affected | ||
| Red Hat Software Collections | python27-python-jinja2 | Not affected | ||
| Red Hat Software Collections | python33-python-jinja2 | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
4.4 Medium
CVSS2
Связанные уязвимости
FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402.
FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402.
FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create tempo ...
EPSS
4.4 Medium
CVSS2