CVE-2015-5313 - CERT CVE
ID CVE-2015-5313
Sažetak Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.
Reference
CVSS
Base: 1.9
Impact: 2.9
Exploitability:3.4
Pristup
VektorSloženostAutentikacija
LOCAL MEDIUM NONE
Impact
PovjerljivostCjelovitostDostupnost
NONE PARTIAL NONE
CVSS vektor AV:L/AC:M/Au:N/C:N/I:P/A:N
Zadnje važnije ažuriranje 13-02-2023 - 00:53
Objavljeno 11-04-2016 - 21:59