{"containers": {"cna": {"affected": [{"product": "ABRT", "vendor": "ABRT", "versions": [{"status": "affected", "version": "before 7a47f57975be0d285a2f20758e4572dca6d9cdd3"}]}], "datePublic": "2015-06-09T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method."}], "problemTypes": [{"descriptions": [{"description": "Directory Traversal (Local File Inclusion)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-14T17:47:12", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:39:31.509Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-3151", "datePublished": "2020-01-14T17:47:12", "dateReserved": "2015-04-10T00:00:00", "dateUpdated": "2024-08-06T05:39:31.509Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:automatic_bug_reporting_tool:-:*:*:*:*:*:*:*", "matchCriteriaId": "A396CA2B-75FF-4BEE-8C0A-89B7C030D1E5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method."}, {"lang": "es", "value": "Una vulnerabilidad de salto de directorio en abrt-dbus en Automatic Bug Reporting Tool (ABRT), permite a usuarios locales leer, escribir o cambiar la propiedad de archivos arbitrarios por medio de vectores no especificados en el m\u00e9todo (1) NewProblem, (2) GetInfo, (3) SetElement, o (4) DeleteElement."}], "id": "CVE-2015-3151", "lastModified": "2024-11-21T02:28:46.967", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-14T18:15:10.773", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security).", "affected_release": [{"advisory": "RHSA-2015:1083", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "abrt-0:2.1.11-22.ael7b_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-06-09T00:00:00Z"}, {"advisory": "RHSA-2015:1083", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libreport-0:2.1.11-23.ael7b_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-06-09T00:00:00Z"}], "bugzilla": {"description": "abrt: directory traversals in several D-Bus methods implemented by abrt-dbus", "id": "1214451", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214451"}, "csaw": false, "cvss": {"cvss_base_score": "6.6", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:N", "status": "verified"}, "cwe": "CWE-22", "details": ["Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method.", "Multiple directory traversal flaws were found in the abrt-dbus D-Bus service. A local attacker could use these flaws to read and write arbitrary files as the root user."], "name": "CVE-2015-3151", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "abrt", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2015-04-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-3151\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3151"], "threat_severity": "Important"}