CVE-2015-3151 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 21%

Affected Products (NVD)

Vendor	Product	Version
redhat	automatic_bug_reporting_tool	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151

https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3

https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932

https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b

https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277

https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151

https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3

https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932

https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b

https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277

https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364