PT-2019-7168 · Canonical · Content Hub

Publicado

2019-04-22

Atualizado

2019-10-09

CVE-2015-1327

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Content Hub before version 0.0+15.04.20150331-0ubuntu1.0

Description The issue allows a malicious application using the DBUS API to export sensitive files, such as /etc/passwd, without requiring access to the file. This could potentially send a copy of the file to another app.

Recommendations For Content Hub before version 0.0+15.04.20150331-0ubuntu1.0, update to version 0.0+15.04.20150331-0ubuntu1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the DBUS API to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2015-1327

Produtos afetados

Content Hub

PT-2019-7168 · Canonical · Content Hub

CVE-2015-1327

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2