CVE-2014-1402

EUVD-2014-0023
The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.4 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
Affected Products (NVD)
VendorProductVersion
pocoojinja2
𝑥
≤ 2.7.1
pocoojinja2
2.0
pocoojinja2
2.0:rc1
pocoojinja2
2.1
pocoojinja2
2.1.1
pocoojinja2
2.2
pocoojinja2
2.2.1
pocoojinja2
2.3
pocoojinja2
2.3.1
pocoojinja2
2.4
pocoojinja2
2.4.1
pocoojinja2
2.5
pocoojinja2
2.5.1
pocoojinja2
2.5.2
pocoojinja2
2.5.3
pocoojinja2
2.5.4
pocoojinja2
2.5.5
pocoojinja2
2.6
pocoojinja2
2.7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
jinja2
bookworm
3.1.2-1
fixed
bullseye
2.11.3-1
fixed
sid
3.1.3-1
fixed
squeeze
no-dsa
trixie
3.1.3-1
fixed
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jinja2
lucid
ignored
precise
Fixed 2.6-1ubuntu0.1
released
quantal
ignored
raring
ignored
saucy
ignored
trusty
not-affected
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2014-0028.html
http://jinja.pocoo.org/docs/changelog/
http://openwall.com/lists/oss-security/2014/01/10/2
http://openwall.com/lists/oss-security/2014/01/10/3
http://rhn.redhat.com/errata/RHSA-2014-0747.html
http://rhn.redhat.com/errata/RHSA-2014-0748.html
http://secunia.com/advisories/56287
http://secunia.com/advisories/58783
http://secunia.com/advisories/58918
http://secunia.com/advisories/59017
http://secunia.com/advisories/60738
http://secunia.com/advisories/60770
http://www.gentoo.org/security/en/glsa/glsa-201408-13.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2014:096
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747
https://bugzilla.redhat.com/show_bug.cgi?id=1051421
https://oss.oracle.com/pipermail/el-errata/2014-June/004192.html
http://advisories.mageia.org/MGASA-2014-0028.html
http://jinja.pocoo.org/docs/changelog/
http://openwall.com/lists/oss-security/2014/01/10/2
http://openwall.com/lists/oss-security/2014/01/10/3
http://rhn.redhat.com/errata/RHSA-2014-0747.html
http://rhn.redhat.com/errata/RHSA-2014-0748.html
http://secunia.com/advisories/56287
http://secunia.com/advisories/58783
http://secunia.com/advisories/58918
http://secunia.com/advisories/59017
http://secunia.com/advisories/60738
http://secunia.com/advisories/60770
http://www.gentoo.org/security/en/glsa/glsa-201408-13.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2014:096
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747
https://bugzilla.redhat.com/show_bug.cgi?id=1051421
https://oss.oracle.com/pipermail/el-errata/2014-June/004192.html