CVE-2017-15288

Опубликовано: 13 нояб. 2017

Источник: redhat

CVSS3: 6.7

EPSS Низкий

Описание

The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.

Меры по смягчению последствий

Use "scala -nocompdaemon MyScript.scala" rather than "scala MyScript.scala" to disable the implicit startup and use of the daemon.
Avoid explicitly starting fsc. This text is borrowed from the upstream security advisory.

Затронутые пакеты

Платформа	Пакет	Состояние
JBoss Developer Studio 10	scala-compiler	Not affected
JBoss Developer Studio 10	scala-library	Not affected
JBoss Developer Studio 8	scala-library	Not affected
Red Hat JBoss A-MQ 6	scala-library	Not affected
Red Hat JBoss Data Grid 6	scala-library	Will not fix
Red Hat JBoss Data Grid 7	scala-library	Not affected
Red Hat JBoss Data Virtualization 6	scala-library	Not affected
Red Hat JBoss Fuse 6	Camel	Not affected
Red Hat JBoss Fuse Service Works 6	camel-scala	Will not fix
Red Hat JBoss Fuse Service Works 6	scala-compiler	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-377

https://bugzilla.redhat.com/show_bug.cgi?id=1516915scala: Privilege escalation in Scala compilation daemon

EPSS

Процентиль: 33%

0.00128

Низкий

6.7 Medium

CVSS3

Связанные уязвимости

CVE-2017-15288

CVSS3: 7.8

ubuntu

около 8 лет назад

CVE-2017-15288

CVSS3: 7.8

nvd

около 8 лет назад

CVE-2017-15288

CVSS3: 7.8

debian

около 8 лет назад

The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, ...

GHSA-qvxv-pmq9-4q7g

CVSS3: 7.8

github

больше 7 лет назад

High severity vulnerability that affects org.scala-lang:scala-compiler

EPSS

Процентиль: 33%

0.00128

Низкий

6.7 Medium

CVSS3