Lucene search

PRIOn knowledge basePRION:CVE-2011-4211

HistoryOct 30, 2011 - 7:55 p.m.

Design/Logic Flaw

2011-10-3019:55:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.4%

JSON

The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWED_MODES and ALLOWED_DIRS changes within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364.

CPENameOperatorVersion
app_engine_python_sdkeq1.4.3
app_engine_python_sdkeq1.1.5
app_engine_python_sdkeq1.3.4
app_engine_python_sdkeq1.2.6
app_engine_python_sdkeq1.2.2
app_engine_python_sdkeq1.2.7
app_engine_python_sdkeq1.1.7
app_engine_python_sdkeq1.0.2
app_engine_python_sdkeq1.1.3
app_engine_python_sdkeq1.5.2

Name	Operator	Version
app_engine_python_sdk	eq	1.4.3
app_engine_python_sdk	eq	1.1.5
app_engine_python_sdk	eq	1.3.4
app_engine_python_sdk	eq	1.2.6
app_engine_python_sdk	eq	1.2.2
app_engine_python_sdk	eq	1.2.7
app_engine_python_sdk	eq	1.1.7
app_engine_python_sdk	eq	1.0.2
app_engine_python_sdk	eq	1.1.3
app_engine_python_sdk	eq	1.5.2

Rows per page:

1-10 of 371

References

blog.watchfire.com/files/googleappenginesdk.pdf

www.securityfocus.com/bid/50464

code.google.com/p/googleappengine/wiki/SdkReleaseNotes

exchange.xforce.ibmcloud.com/vulnerabilities/71064

6.7 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.4%

JSON

Related for PRION:CVE-2011-4211