Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.

Metrics

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Devscripts Devel Team
  • Devscripts
Fedoraproject
  • Fedora

Configuration 1 [-]

cpe:2.3:a:devscripts_devel_team:devscripts:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

No data.

References
Link Providers
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163705.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163710.html cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2015/08/01/7 cve-icon cve-icon
https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=d8f8fa1d8e4151fa62997cb74403f97ab0d7e1a2 cve-icon cve-icon
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=1249645 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: debian

Published: 2017-09-06T21:00:00

Updated: 2024-08-06T06:59:04.310Z

Reserved: 2015-08-01T00:00:00

Link: CVE-2015-5705

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-09-06T21:29:00.753

Modified: 2024-11-21T02:33:40.830

Link: CVE-2015-5705

cve-icon Redhat

No data.