The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Cloudforms Cloudengine
  • 1
Redhat
  • Openshift
Rhel Sam
  • 1.2
Ryan Davis
  • Ruby Parser

Configuration 1 [-]

OR cpe:2.3:a:ryan_davis:ruby_parser:*:*:*:*:*:*:*:*
cpe:2.3:a:ryan_davis:ruby_parser:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ryan_davis:ruby_parser:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ryan_davis:ruby_parser:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ryan_davis:ruby_parser:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ryan_davis:ruby_parser:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ryan_davis:ruby_parser:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ryan_davis:ruby_parser:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ryan_davis:ruby_parser:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:ryan_davis:ruby_parser:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ryan_davis:ruby_parser:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ryan_davis:ruby_parser:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ryan_davis:ruby_parser:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:ryan_davis:ruby_parser:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a1:*:*:*:*:*:*:*
cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a2:*:*:*:*:*:*:*
cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a3:*:*:*:*:*:*:*
cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a4:*:*:*:*:*:*:*
cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a5:*:*:*:*:*:*:*
cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a6:*:*:*:*:*:*:*
cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a7:*:*:*:*:*:*:*
cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a8:*:*:*:*:*:*:*
cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a9:*:*:*:*:*:*:*
cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a10:*:*:*:*:*:*:*
cpe:2.3:a:ryan_davis:ruby_parser:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ryan_davis:ruby_parser:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ryan_davis:ruby_parser:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ryan_davis:ruby_parser:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ryan_davis:ruby_parser:3.1.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
CloudForms for RHEL 6
rubygem-activesupport-1:3.0.10-10.el6cf cpe:/a:cloudforms_cloudengine:1::el6 RHSA-2013:0548 2013-02-21T00:00:00Z
rubygem-delayed_job-0:2.1.4-3.el6cf cpe:/a:cloudforms_cloudengine:1::el6 RHSA-2013:0548 2013-02-21T00:00:00Z
rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf cpe:/a:cloudforms_cloudengine:1::el6 RHSA-2013:0548 2013-02-21T00:00:00Z
rubygem-rack-1:1.3.0-3.el6cf cpe:/a:cloudforms_cloudengine:1::el6 RHSA-2013:0548 2013-02-21T00:00:00Z
rubygem-rails_warden-0:0.5.5-2.el6cf cpe:/a:cloudforms_cloudengine:1::el6 RHSA-2013:0548 2013-02-21T00:00:00Z
rubygem-rdoc-0:3.8-6.el6cf cpe:/a:cloudforms_cloudengine:1::el6 RHSA-2013:0548 2013-02-21T00:00:00Z
rubygem-rspec-rails-0:2.6.1-7.el6cf cpe:/a:cloudforms_cloudengine:1::el6 RHSA-2013:0548 2013-02-21T00:00:00Z
rubygem-ruby_parser-0:2.0.4-6.el6cf cpe:/a:cloudforms_cloudengine:1::el6 RHSA-2013:0548 2013-02-21T00:00:00Z
rubygem-shoulda-0:2.11.3-5.el6cf cpe:/a:cloudforms_cloudengine:1::el6 RHSA-2013:0548 2013-02-21T00:00:00Z
Red Hat Subscription Asset Manager 1.2
apache-commons-codec-0:1.7-2.el6_3 cpe:/a:rhel_sam:1.2::el6 RHSA-2013:0544 2013-02-21T00:00:00Z
apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1 cpe:/a:rhel_sam:1.2::el6 RHSA-2013:0544 2013-02-21T00:00:00Z
candlepin-0:0.7.23-1.el6_3 cpe:/a:rhel_sam:1.2::el6 RHSA-2013:0544 2013-02-21T00:00:00Z
elasticsearch-0:0.19.9-5.el6_3 cpe:/a:rhel_sam:1.2::el6 RHSA-2013:0544 2013-02-21T00:00:00Z
katello-0:1.2.1-15h.el6_3 cpe:/a:rhel_sam:1.2::el6 RHSA-2013:0544 2013-02-21T00:00:00Z
katello-certs-tools-0:1.2.1-1h.el6_3 cpe:/a:rhel_sam:1.2::el6 RHSA-2013:0544 2013-02-21T00:00:00Z
katello-cli-0:1.2.1-12h.el6_3 cpe:/a:rhel_sam:1.2::el6 RHSA-2013:0544 2013-02-21T00:00:00Z
katello-configure-0:1.2.3-3h.el6_3 cpe:/a:rhel_sam:1.2::el6 RHSA-2013:0544 2013-02-21T00:00:00Z
katello-selinux-0:1.2.1-2h.el6_3 cpe:/a:rhel_sam:1.2::el6 RHSA-2013:0544 2013-02-21T00:00:00Z
lucene3-0:3.6.1-10h.el6_3 cpe:/a:rhel_sam:1.2::el6 RHSA-2013:0544 2013-02-21T00:00:00Z
puppet-0:2.6.17-2.el6cf cpe:/a:rhel_sam:1.2::el6 RHSA-2013:0544 2013-02-21T00:00:00Z
quartz-0:2.1.5-4.el6_3 cpe:/a:rhel_sam:1.2::el6 RHSA-2013:0544 2013-02-21T00:00:00Z
rubygem-activesupport-1:3.0.10-10.el6cf cpe:/a:rhel_sam:1.2::el6 RHSA-2013:0544 2013-02-21T00:00:00Z
rubygem-apipie-rails-0:0.0.12-2.el6cf cpe:/a:rhel_sam:1.2::el6 RHSA-2013:0544 2013-02-21T00:00:00Z
rubygem-ldap_fluff-0:0.1.3-1.el6_3 cpe:/a:rhel_sam:1.2::el6 RHSA-2013:0544 2013-02-21T00:00:00Z
rubygem-mail-0:2.3.0-3.el6cf cpe:/a:rhel_sam:1.2::el6 RHSA-2013:0544 2013-02-21T00:00:00Z
rubygem-rack-1:1.3.0-3.el6cf cpe:/a:rhel_sam:1.2::el6 RHSA-2013:0544 2013-02-21T00:00:00Z
rubygem-ruby_parser-0:2.0.4-6.el6cf cpe:/a:rhel_sam:1.2::el6 RHSA-2013:0544 2013-02-21T00:00:00Z
sigar-0:1.6.5-0.12.git58097d9h.el6_3 cpe:/a:rhel_sam:1.2::el6 RHSA-2013:0544 2013-02-21T00:00:00Z
snappy-java-0:1.0.4-2.el6_3 cpe:/a:rhel_sam:1.2::el6 RHSA-2013:0544 2013-02-21T00:00:00Z
thumbslug-0:0.0.28-1.el6_3 cpe:/a:rhel_sam:1.2::el6 RHSA-2013:0544 2013-02-21T00:00:00Z
RHEL 6 Version of OpenShift Enterprise
graphviz-0:2.26.0-10.el6 cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
openshift-console-0:0.0.16-1.el6op cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
openshift-origin-broker-0:1.0.11-1.el6op cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
openshift-origin-broker-util-0:1.0.15-1.el6op cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
openshift-origin-cartridge-cron-1.4-0:1.0.3-1.el6op cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
openshift-origin-cartridge-diy-0.1-0:1.0.3-1.el6op cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
openshift-origin-cartridge-haproxy-1.4-0:1.0.4-1.el6op cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
openshift-origin-cartridge-jbosseap-6.0-0:1.0.4-1.el6op cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
openshift-origin-cartridge-jbossews-1.0-0:1.0.13-1.el6op cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
openshift-origin-cartridge-jenkins-1.4-0:1.0.2-1.el6op cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
openshift-origin-cartridge-jenkins-client-1.4-0:1.0.2-1.el6op cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
openshift-origin-cartridge-mysql-5.1-0:1.0.5-1.el6op cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
openshift-origin-cartridge-perl-5.10-0:1.0.3-1.el6op cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
openshift-origin-cartridge-php-5.3-0:1.0.5-1.el6op cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
openshift-origin-cartridge-postgresql-8.4-0:1.0.3-2.el6op cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
openshift-origin-cartridge-ruby-1.8-0:1.0.7-1.el6op cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
openshift-origin-cartridge-ruby-1.9-scl-0:1.0.8-1.el6op cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
openshift-origin-msg-node-mcollective-0:1.0.3-1.el6op cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
php-0:5.3.3-22.el6 cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
ruby193-ruby-0:1.9.3.327-25.el6 cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
ruby193-rubygem-actionpack-1:3.2.8-3.el6 cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
ruby193-rubygem-activemodel-0:3.2.8-2.el6 cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
ruby193-rubygem-activerecord-1:3.2.8-3.el6 cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
ruby193-rubygem-railties-0:3.2.8-2.el6 cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
ruby193-rubygem-ruby_parser-0:2.3.1-3.el6op cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
rubygem-actionpack-1:3.0.13-4.el6op cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
rubygem-activemodel-0:3.0.13-3.el6op cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
rubygem-activerecord-1:3.0.13-5.el6op cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
rubygem-bson-0:1.8.1-2.el6op cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
rubygem-mongo-0:1.8.1-2.el6op cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
rubygem-openshift-origin-auth-remote-user-0:1.0.5-1.el6op cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
rubygem-openshift-origin-console-0:1.0.10-1.el6op cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
rubygem-openshift-origin-controller-0:1.0.12-1.el6op cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
rubygem-openshift-origin-node-0:1.0.11-1.el6op cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
rubygem-ruby_parser-0:2.0.4-6.el6op cpe:/a:redhat:openshift:1::el6 RHSA-2013:0582 2013-02-28T00:00:00Z
References
Link Providers
http://rhn.redhat.com/errata/RHSA-2013-0544.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2013-0548.html cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=892806 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2013-0162 cve-icon
https://www.cve.org/CVERecord?id=CVE-2013-0162 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-03-01T02:00:00Z

Updated: 2024-08-06T14:18:09.378Z

Reserved: 2012-12-06T00:00:00Z

Link: CVE-2013-0162

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2013-03-01T05:40:16.987

Modified: 2024-11-21T01:46:58.307

Link: CVE-2013-0162

cve-icon Redhat

Severity : Low

Publid Date: 2013-01-21T00:00:00Z

Links: CVE-2013-0162 - Bugzilla