CVE-2015-1870

MEDIUM

Redhat Automatic Bug Reporting Tool < 2.1.11 - Information Disclosure

Title source: rule

Description

The event scripts in Automatic Bug Reporting Tool (ABRT) uses world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information from /var/log/messages via unspecified vectors.

References (7)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2015-1083.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2015-1210.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/75119

[Issue Tracking, Vendor Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1212868

[Patch, Third Party Advisory] https://github.com/abrt/abrt/commit/7d023c32a565e83306cddf34c894477b7aaf33d1

[Patch, Third Party Advisory] https://github.com/abrt/abrt/commit/8939398b82006ba1fec4ed491339fc075f43fc7c

View Patch ZIP pw:eip

[Patch, Third Party Advisory] https://github.com/abrt/libreport/commit/c962918bc70a61a8cc647898ee8b1ff1c14a87c5

View Patch ZIP pw:eip

Scores

CVSS v3 5.5

EPSS 0.0010

EPSS Percentile 27.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (2)

redhat/automatic_bug_reporting_tool < 2.1.11

n/a/n/a

Published Jun 26, 2017

Tracked Since Feb 18, 2026