Lucene search

K
ubuntucveUbuntu.comUB:CVE-2020-15167
HistorySep 02, 2020 - 12:00 a.m.

CVE-2020-15167

2020-09-0200:00:00
ubuntu.com
ubuntu.com
12

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

8.6 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

51.9%

In Miller (command line utility) using the configuration file support
introduced in version 5.9.0, it is possible for an attacker to cause Miller
to run arbitrary code by placing a malicious .mlrrc file in the working
directory. See linked GitHub Security Advisory for complete details. A fix
is ready and will be released as Miller 5.9.1.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchmiller< anyUNKNOWN
ubuntu20.04noarchmiller< anyUNKNOWN
ubuntu16.04noarchmiller< anyUNKNOWN

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

8.6 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

51.9%

Related for UB:CVE-2020-15167