CVE-2015-1327
3.9
CVSS:3.0/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
Summary
Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd which would then send a copy of that file to another app.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Ubuntu | Content Hub | unspecified < 0.0+15.04.20150331-0ubuntu1.0 | affected |
Weaknesses
- Missing access control checks.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.