Description
abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method.
References (5)
Core 5
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1214457
Patch, Third Party Advisory x_refsource_misc
https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8
Patch, Third Party Advisory x_refsource_misc
https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1
Patch, Third Party Advisory x_refsource_misc
https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7
Patch, Third Party Advisory x_refsource_misc
https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75
Scores
CVSS v3
7.1
EPSS
0.0005
EPSS Percentile
14.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (1)
redhat/automatic_bug_reporting_tool
Published
Jan 14, 2020
Tracked Since
Feb 18, 2026