CVE-2014-1402

The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.4 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
pocoojinja2
𝑥
≤ 2.7.1
pocoojinja2
2.0
pocoojinja2
2.0:rc1
pocoojinja2
2.1
pocoojinja2
2.1.1
pocoojinja2
2.2
pocoojinja2
2.2.1
pocoojinja2
2.3
pocoojinja2
2.3.1
pocoojinja2
2.4
pocoojinja2
2.4.1
pocoojinja2
2.5
pocoojinja2
2.5.1
pocoojinja2
2.5.2
pocoojinja2
2.5.3
pocoojinja2
2.5.4
pocoojinja2
2.5.5
pocoojinja2
2.6
pocoojinja2
2.7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
jinja2
bullseye
2.11.3-1
fixed
squeeze
no-dsa
wheezy
no-dsa
bookworm
3.1.2-1
fixed
sid
3.1.3-1
fixed
trixie
3.1.3-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jinja2
trusty
not-affected
saucy
ignored
raring
ignored
quantal
ignored
precise
Fixed 2.6-1ubuntu0.1
released
lucid
ignored
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2014-0028.html
http://jinja.pocoo.org/docs/changelog/
http://openwall.com/lists/oss-security/2014/01/10/2
http://openwall.com/lists/oss-security/2014/01/10/3
http://rhn.redhat.com/errata/RHSA-2014-0747.html
http://rhn.redhat.com/errata/RHSA-2014-0748.html
http://secunia.com/advisories/56287
http://secunia.com/advisories/58783
http://secunia.com/advisories/58918
http://secunia.com/advisories/59017
http://secunia.com/advisories/60738
http://secunia.com/advisories/60770
http://www.gentoo.org/security/en/glsa/glsa-201408-13.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2014:096
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747
https://bugzilla.redhat.com/show_bug.cgi?id=1051421
https://oss.oracle.com/pipermail/el-errata/2014-June/004192.html
http://advisories.mageia.org/MGASA-2014-0028.html
http://jinja.pocoo.org/docs/changelog/
http://openwall.com/lists/oss-security/2014/01/10/2
http://openwall.com/lists/oss-security/2014/01/10/3
http://rhn.redhat.com/errata/RHSA-2014-0747.html
http://rhn.redhat.com/errata/RHSA-2014-0748.html
http://secunia.com/advisories/56287
http://secunia.com/advisories/58783
http://secunia.com/advisories/58918
http://secunia.com/advisories/59017
http://secunia.com/advisories/60738
http://secunia.com/advisories/60770
http://www.gentoo.org/security/en/glsa/glsa-201408-13.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2014:096
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747
https://bugzilla.redhat.com/show_bug.cgi?id=1051421
https://oss.oracle.com/pipermail/el-errata/2014-June/004192.html