Code injection

2015-12-0718:59:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.4%

JSON

libreport 2.0.7 before 2.6.3 only saves changes to the first file when editing a crash report, which allows remote attackers to obtain sensitive information via unspecified vectors related to the (1) backtrace, (2) cmdline, (3) environ, (4) open_fds, (5) maps, (6) smaps, (7) hostname, (8) remote, (9) ks.cfg, or (10) anaconda-tb file attachment included in a Red Hat Bugzilla bug report.

CPENameOperatorVersion
libreporteq2.1.6
libreporteq2.0.9
libreporteq2.0.8
libreporteq2.2.2
libreporteq2.5.1
libreporteq2.1.3
libreporteq2.1.9
libreporteq2.1.4
libreporteq2.0.10
libreporteq2.1.7

Name	Operator	Version
libreport	eq	2.1.6
libreport	eq	2.0.9
libreport	eq	2.0.8
libreport	eq	2.2.2
libreport	eq	2.5.1
libreport	eq	2.1.3
libreport	eq	2.1.9
libreport	eq	2.1.4
libreport	eq	2.0.10
libreport	eq	2.1.7