PT-2014-4172 · Pallets · Jinja2

Published: 2014-01-24 · Updated: 2024-03-25 · CVE-2014-1402

CVSS v4.0: 8.6 (High)
Vector: AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Jinja2 versions prior to 2.7.2

Description: The default configuration for bccache.FileSystemBytecodeCache in Jinja2 does not properly create temporary files. This allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp.

Recommendations: For versions prior to 2.7.2, update to version 2.7.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the /tmp directory to minimize the risk of exploitation. Avoid using the bccache.FileSystemBytecodeCache with the default configuration until the issue is resolved.
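The finding above is an instance of a general weakness: a cache that writes files with predictable names into a world-writable directory such as /tmp, where another local user can pre-create a file or symlink that the privileged process then follows. The block below is an added illustration of the defensive pattern, not Jinja2's own code or its fix: a per-user cache directory created with mode 0700 and verified with lstat (so a planted symlink is refused), cache files written through mkstemp (O_CREAT|O_EXCL, mode 0600) and published with an atomic rename, and reads that check ownership on the open descriptor rather than on the path. It assumes a POSIX system (uid ownership, O_NOFOLLOW); the directory name `example-cache-<uid>` and the function names are hypothetical.

```python
# Added example (not Jinja2's own code): the defensive pattern that the
# "does not properly create temporary files" finding calls for. Assumes a
# POSIX system (uid ownership, O_NOFOLLOW); the names example-cache-<uid>
# and demo_round_trip are hypothetical. Python 3.
import os
import stat
import tempfile


def private_cache_dir(base=None):
    """Return a per-user cache directory below base (default: the system
    temp dir), creating it with mode 0700 if needed and refusing to use it
    when it is a symlink, is owned by another user, or is group/world
    accessible. A predictable, shared path under /tmp fails these checks."""
    base = base or tempfile.gettempdir()
    path = os.path.join(base, "example-cache-%d" % os.getuid())  # hypothetical name
    try:
        os.mkdir(path, stat.S_IRWXU)
    except FileExistsError:
        pass  # fall through to the checks; never trust a pre-existing path
    st = os.lstat(path)  # lstat: do not follow a planted symlink
    if not stat.S_ISDIR(st.st_mode):
        raise RuntimeError("cache path is not a directory: %s" % path)
    if st.st_uid != os.getuid():
        raise RuntimeError("cache dir not owned by current user: %s" % path)
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise RuntimeError("cache dir accessible to other users: %s" % path)
    return path


def write_cache_entry(cache_dir, name, data):
    """Atomically write data as cache_dir/name. The temporary file comes from
    mkstemp (O_CREAT|O_EXCL, mode 0600, unpredictable suffix), so a file or
    symlink pre-created at a guessable path is never opened; os.replace then
    publishes it under the final name in one step."""
    final = os.path.join(cache_dir, name)
    fd, tmp = tempfile.mkstemp(dir=cache_dir, prefix=name + ".", suffix=".tmp")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, final)
    except BaseException:
        try:
            os.unlink(tmp)
        except FileNotFoundError:
            pass
        raise
    return final


def read_cache_entry(cache_dir, name):
    """Load a cache entry without following symlinks, and only if the opened
    file is a regular file owned by the current user. The checks run on the
    open descriptor (fstat), not on the path, to avoid a check-then-use race."""
    path = os.path.join(cache_dir, name)
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode) or st.st_uid != os.getuid():
            raise RuntimeError("refusing to load untrusted cache file: %s" % path)
        chunks = []
        while True:
            chunk = os.read(fd, 65536)
            if not chunk:
                break
            chunks.append(chunk)
        return b"".join(chunks)
    finally:
        os.close(fd)


def demo_round_trip():
    """Exercise the helpers in fresh scratch directories (constructed here, not
    real cache data). Returns (dir_mode, loaded_bytes, symlink_rejected)."""
    base = tempfile.mkdtemp()
    cache = private_cache_dir(base)
    write_cache_entry(cache, "index.html.cache", b"\x00compiled-template-bytes")
    loaded = read_cache_entry(cache, "index.html.cache")
    # Second scratch base where the expected cache path is a symlink pointing
    # elsewhere: private_cache_dir must refuse it rather than write through it.
    other = tempfile.mkdtemp()
    os.symlink(tempfile.mkdtemp(),
               os.path.join(other, "example-cache-%d" % os.getuid()))
    try:
        private_cache_dir(other)
        rejected = False
    except RuntimeError:
        rejected = True
    return stat.S_IMODE(os.stat(cache).st_mode), loaded, rejected


if __name__ == "__main__":
    print(demo_round_trip())  # -> (448, b'\x00compiled-template-bytes', True)
```

The three checks are what the "default configuration" in this record lacked: the directory is private to the user (0700, owned by the caller, not a symlink), the temporary file is created exclusively with an unpredictable name, and the consumer validates the file it actually opened. Restricting /tmp, as the workaround suggests, narrows the window but does not replace these checks.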

Fix

Weakness Enumeration: Incorrect Privilege Assignment

Related Identifiers

ALT-PU-2020-3106
ALT-PU-2024-3036
CESA-2014_0747
CVE-2014-1402
GHSA-8R7Q-CVJQ-X353
MGASA-2014-0028
PYSEC-2014-8
RHSA-2014:0747
RHSA-2014:0748
RHSA-2014_0747
USN-2301-1

Affected Products

Alt Linux
Centos
Jinja2
Red Hat