CVE-2015-3151

Description

Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method.

References

Link	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151	issue tracking third party advisory
https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932	third party advisory patch
https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b	third party advisory patch
https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364	third party advisory patch
https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277	third party advisory patch
https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3	third party advisory patch

Frequently Asked Questions

What is the severity of CVE-2015-3151?: CVE-2015-3151 has been scored as a high severity vulnerability.
How to fix CVE-2015-3151?: To fix CVE-2015-3151, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2015-3151 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2015-3151 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2015-3151?: CVE-2015-3151 affects ABRT ABRT.

Description

Category

CWE-22 – Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

References

Frequently Asked Questions