CVE-2015-1341

Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.4 HIGH
PHYSICAL
LOW
LOW
CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
canonicalCNA
7.4 HIGH
PHYSICAL
LOW
LOW
CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
VendorProductVersion
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
15.04
canonicalubuntu_linux
15.10
canonicalapport
𝑥
< 2.19.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
apport
zesty
Fixed 2.19.2-0ubuntu1
released
yakkety
Fixed 2.19.2-0ubuntu1
released
xenial
Fixed 2.19.2-0ubuntu1
released
wily
Fixed 2.19.1-0ubuntu4
released
vivid
Fixed 2.17.2-0ubuntu1.7
released
trusty
Fixed 2.14.1-0ubuntu3.18
released
precise
Fixed 2.0.1-0ubuntu17.13
released
Common Weakness Enumeration
References
https://launchpad.net/apport/trunk/2.19.2
https://usn.ubuntu.com/2782-1/
https://launchpad.net/apport/trunk/2.19.2
https://usn.ubuntu.com/2782-1/