libreport 2.0.7 before 2.6.3 only saves changes to the first file when editing a crash report, which allows remote attackers to obtain sensitive information via unspecified vectors related to the (1) backtrace, (2) cmdline, (3) environ, (4) open_fds, (5) maps, (6) smaps, (7) hostname, (8) remote, (9) ks.cfg, or (10) anaconda-tb file attachment included in a Red Hat Bugzilla bug report.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2015-12-07 10:59
Updated : 2023-02-12 16:53
NVD link : CVE-2015-5302
Mitre link : CVE-2015-5302
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
redhat
- libreport