Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd which would then send a copy of that file to another app.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: canonical
Published: 2019-04-22T15:35:59.250045Z
Updated: 2024-09-16T17:27:40.688Z
Reserved: 2015-01-22T00:00:00
Link: CVE-2015-1327
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-04-22T16:29:00.833
Modified: 2024-11-21T02:25:10.577
Link: CVE-2015-1327
Redhat
No data.