CVE-2015-3151

HIGH

Automatic Bug Reporting Tool - Path Traversal via NewProblem GetInfo SetElement or DeleteElement Methods

Title source: llm

Description

Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method.

References (6)

Core 6

Core References

Issue Tracking, Third Party Advisory x_refsource_misc

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151

Patch, Third Party Advisory x_refsource_confirm

https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932

View Patch ZIP pw:eip

Patch, Third Party Advisory x_refsource_confirm

https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b

View Patch ZIP pw:eip

Patch, Third Party Advisory x_refsource_confirm

https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364

View Patch ZIP pw:eip

Patch, Third Party Advisory x_refsource_confirm

https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277

View Patch ZIP pw:eip

Patch, Third Party Advisory x_refsource_confirm

https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3

View Patch ZIP pw:eip

Scores

CVSS v3 7.8

EPSS 0.0056

EPSS Percentile 42.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-22

Status published

Products (1)

redhat/automatic_bug_reporting_tool

Published Jan 14, 2020

Tracked Since Feb 18, 2026