{"containers": {"cna": {"affected": [{"product": "ABRT", "vendor": "ABRT", "versions": [{"status": "affected", "version": "before 1951e7282043dfe1268d492aea056b554baedb75"}]}], "datePublic": "2015-06-09T00:00:00", "descriptions": [{"lang": "en", "value": "abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method."}], "problemTypes": [{"descriptions": [{"description": "Other", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-14T17:34:43", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214457"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:39:31.644Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214457"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-3150", "datePublished": "2020-01-14T17:34:43", "dateReserved": "2015-04-10T00:00:00", "dateUpdated": "2024-08-06T05:39:31.644Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:automatic_bug_reporting_tool:-:*:*:*:*:*:*:*", "matchCriteriaId": "A396CA2B-75FF-4BEE-8C0A-89B7C030D1E5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method."}, {"lang": "es", "value": "abrt-dbus en Automatic Bug Reporting Tool (ABRT), permite a usuarios locales eliminar o cambiar la propiedad de archivos arbitrarios por medio del argumento del directorio problema en el m\u00e9todo (1) ChownProblemDir, (2) DeleteElement o (3) DeleteProblem."}], "id": "CVE-2015-3150", "lastModified": "2023-02-13T00:47:45.137", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-14T18:15:10.667", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214457"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security).", "affected_release": [{"advisory": "RHSA-2015:1083", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "abrt-0:2.1.11-22.ael7b_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-06-09T00:00:00Z"}, {"advisory": "RHSA-2015:1083", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libreport-0:2.1.11-23.ael7b_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-06-09T00:00:00Z"}], "bugzilla": {"description": "abrt: abrt-dbus does not guard against crafted problem directory path arguments", "id": "1214457", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214457"}, "csaw": false, "cvss": {"cvss_base_score": "6.6", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:N", "status": "verified"}, "cwe": "CWE-20", "details": ["abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method.", "It was discovered that the abrt-dbus D-Bus service did not properly check the validity of the problem directory argument in the ChownProblemDir, DeleteElement, and DeleteProblem methods. A local attacker could use this flaw take ownership of arbitrary files and directories, or to delete files and directories as the root user."], "name": "CVE-2015-3150", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "abrt", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2015-04-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-3150\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3150"], "threat_severity": "Important"}