CVE-2015-5302

libreport 2.0.7 before 2.6.3 only saves changes to the first file when editing a crash report, which allows remote attackers to obtain sensitive information via unspecified vectors related to the (1) backtrace, (2) cmdline, (3) environ, (4) open_fds, (5) maps, (6) smaps, (7) hostname, (8) remote, (9) ks.cfg, or (10) anaconda-tb file attachment included in a Red Hat Bugzilla bug report.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
redhatlibreport
2.0.8
redhatlibreport
2.0.9
redhatlibreport
2.0.10
redhatlibreport
2.0.14
redhatlibreport
2.0.16
redhatlibreport
2.0.19
redhatlibreport
2.0.20
redhatlibreport
2.1.0
redhatlibreport
2.1.1
redhatlibreport
2.1.2
redhatlibreport
2.1.3
redhatlibreport
2.1.4
redhatlibreport
2.1.5
redhatlibreport
2.1.6
redhatlibreport
2.1.7
redhatlibreport
2.1.8
redhatlibreport
2.1.9
redhatlibreport
2.1.10
redhatlibreport
2.1.11
redhatlibreport
2.2.2
redhatlibreport
2.2.3
redhatlibreport
2.3.0
redhatlibreport
2.5.1
redhatlibreport
2.6.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172695.html
http://rhn.redhat.com/errata/RHSA-2015-2504.html
http://rhn.redhat.com/errata/RHSA-2015-2505.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/77685
https://bugzilla.redhat.com/show_bug.cgi?id=1270903
https://github.com/abrt/libreport/commit/257578a23d1537a2d235aaa2b1488ee4f818e360
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172695.html
http://rhn.redhat.com/errata/RHSA-2015-2504.html
http://rhn.redhat.com/errata/RHSA-2015-2505.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/77685
https://bugzilla.redhat.com/show_bug.cgi?id=1270903
https://github.com/abrt/libreport/commit/257578a23d1537a2d235aaa2b1488ee4f818e360