Vulnerability Description
sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sos Project | Sos | 3.2 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1218658 (Issue Tracking, Patch, Third Party Advisory)
- https://github.com/sosreport/sos/commit/d7759d3ddae5fe99a340c88a1d370d65cfa73fd6 (Issue Tracking, Patch, Third Party Advisory)
FAQ
What is CVE-2015-3171?
CVE-2015-3171 is a vulnerability with a CVSS score of 5.5 (MEDIUM). sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive.
How severe is CVE-2015-3171?
CVE-2015-3171 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-3171?
Check the references section above for vendor advisories and patch information. Affected products include: Sos Project Sos.