Vulnerability Name: CVE-2014-0012 (CCN-90458)

Assigned: 2013-12-03
Published: 2014-01-10
Updated: 2023-02-13
Summary: Jinja2 could allow a local attacker to launch a symlink attack. Temporary files are created insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from the jinja2.bccache.FileSystemBytecodeCache temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges.
CVSS v3 Severity: 5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 4.4 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)
3.8 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
3.3 Low (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P)
2.9 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): Partial
Vulnerability Consequences: File Manipulation
References:
Source: MITRE
Type: CNA
CVE-2014-0012

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: SA56328
Jinja Filesystem Cache Insecure Directory Creation Security Issue

Source: CCN
Type: oss-sec Mailing List, Fri, 10 Jan 2014 22:34:10 -0700
CVE assignment for jinja2

Source: CCN
Type: BID-64787
Jinja2 Incomplete Fix Insecure File Permissions Vulnerability

Source: XF
Type: UNKNOWN
jinja2-cve20140012-symlink(90458)

Source: CCN
Type: jinja2 GIT Repository
Fixed a security issue with temporary files on the filesystem cache

Source: secalert@redhat.com
Type: Exploit, Patch
secalert@redhat.com

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20140012 | V | CVE-2014-0012 | 2023-04-22
oval:org.opensuse.security:def:544 | P | Security update for php7 (Important) | 2022-07-05
oval:org.opensuse.security:def:249 | P | opensc-0.19.0-3.7.1 on GA media (Moderate) | 2022-06-13
oval:org.opensuse.security:def:956 | P | Security update for expat (Important) | 2022-03-04
oval:org.opensuse.security:def:867 | P | Security update for cryptsetup (Moderate) | 2022-01-20
oval:org.opensuse.security:def:113192 | P | python-Jinja2-2.8-1.4 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:113250 | P | python36-Jinja2-3.0.1-3.2 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:11164 | P | Security update for postrsd (Moderate) | 2021-12-30
oval:org.opensuse.security:def:69959 | P | Security update for poppler (Important) | 2021-12-01
oval:org.opensuse.security:def:11139 | P | Security update for mbedtls (Moderate) | 2021-10-15
oval:org.opensuse.security:def:106613 | P | python-Jinja2-2.8-1.4 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:106662 | P | python36-Jinja2-3.0.1-3.2 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:71144 | P | autofs-5.1.3-7.3.1 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:71272 | P | libksba-devel-1.3.5-2.14 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:71385 | P | qemu-tools-3.1.0-7.1 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:61633 | P | python3-Jinja2-2.10.1-3.5.1 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:96753 | P | python3-Jinja2-2.10.1-3.5.1 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:71374 | P | python3-Jinja2-2.10.1-3.5.1 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:103443 | P | python3-Jinja2-2.10.1-3.5.1 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:89788 | P | python3-Jinja2-2.10.1-3.5.1 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:67791 | P | Security update for the Linux Kernel (Live Patch 20 for SLE 15) (Important) | 2021-09-16
oval:org.opensuse.security:def:55245 | P | Security update for gtk-vnc (Moderate) | 2021-09-16
oval:org.opensuse.security:def:1477 | P | Security update for libsndfile (Critical) | 2021-08-17
oval:org.opensuse.security:def:48064 | P | libHX28-3.18-1.18 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47980 | P | cron-4.2-59.10.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48293 | P | res-signingkeys-3.0.42-52.38.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47766 | P | libpng16-16-1.6.8-14.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48222 | P | libwavpack1-4.60.99-5.3.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47618 | P | ghostscript-9.25-23.13.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48191 | P | libsmi-0.4.8-18.55 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47065 | P | libpoppler44-0.24.4-12.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47526 | P | wget-1.14-20.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48126 | P | libidn-tools-1.28-5.6.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47394 | P | libpng15-15-1.5.22-9.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47201 | P | apache-commons-daemon-1.0.15-6.10 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47080 | P | libsrtp1-1.5.2-2.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47066 | P | libproxy1-0.4.13-16.3 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48178 | P | libproxy1-0.4.13-16.3 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48030 | P | grub2-2.02-12.15.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47477 | P | python-2.7.13-27.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47938 | P | ImageMagick-config-6-SUSE-6.8.8.1-71.126.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47806 | P | libvncclient0-0.9.9-17.5.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47613 | P | g3utils-1.1.36-58.3.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47492 | P | rpm-32bit-4.11.2-15.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47478 | P | python-PyYAML-3.12-25.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47769 | P | libprocps3-3.3.9-11.14.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47685 | P | libXtst6-1.2.2-7.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47998 | P | e2fsprogs-1.43.8-3.8.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47471 | P | pigz-2.3-5.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47927 | P | xorg-x11-libs-7.6-45.14 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47323 | P | libXtst6-1.2.2-7.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47896 | P | supportutils-3.0-95.18.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47231 | P | cups-1.7.5-19.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47831 | P | mutt-1.10.1-55.6.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47099 | P | libyaml-0-2-0.1.6-7.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:46906 | P | clamav-0.99.2-25.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:68032 | P | Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP1) (Important) | 2021-07-29
oval:org.opensuse.security:def:55928 | P | Security update for qemu (Moderate) | 2021-07-21
oval:org.opensuse.security:def:100636 | P | (Important) | 2021-07-14
oval:org.opensuse.security:def:11228 | P | Security update for htmldoc (Important) | 2021-06-17
oval:org.opensuse.security:def:46785 | P | libxcb-dri2-0-1.10-1.21 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:46771 | P | libsnmp30-32bit-5.7.3-4.2 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:61338 | P | python2-Jinja2-2.10-1.21 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48636 | P | tftp-5.2-10.3 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:71079 | P | python2-Jinja2-2.10-1.21 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48476 | P | libXvMC1-1.0.8-3.56 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48392 | P | ctags-5.8-7.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48705 | P | rhythmbox-3.0.2-1.92 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48634 | P | tar-1.27.1-8.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48603 | P | procmail-3.22-267.3 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48538 | P | libpoppler-glib8-0.43.0-15.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48931 | P | libmwaw-0_3-3-0.3.13-7.9.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48690 | P | libproxy1-networkmanager-32bit-0.4.11-11.6 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11866 | P | libXv1-1.0.10-3.57 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11888 | P | libgnomesu-2.0.0-353.6.2 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:46770 | P | libsndfile1-1.0.25-21.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:71031 | P | libsystemd0-234-22.3 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:69854 | P | Security update for dhcp (Important) | 2021-06-02
oval:org.opensuse.security:def:11215 | P | Security update for jhead (Moderate) | 2021-05-19
oval:org.opensuse.security:def:64685 | P | Security update for python3 (Moderate) | 2021-05-11
oval:org.opensuse.security:def:11206 | P | Security update for postsrsd (Moderate) | 2021-05-05
oval:org.opensuse.security:def:64598 | P | Security update for java-11-openjdk (Important) | 2021-02-09
oval:org.opensuse.security:def:11030 | P | Security update for rpmlint (Moderate) | 2020-12-11
oval:org.opensuse.security:def:64444 | P | Security update for curl (Moderate) | 2020-12-09
oval:org.opensuse.security:def:67932 | P | Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP1) (Important) | 2020-12-07
oval:org.opensuse.security:def:116860 | P | python3-Jinja2-2.10.1-3.5.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:93923 | P | python3-Jinja2-2.10.1-3.5.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:61956 | P | python3-Jinja2-2.10.1-3.5.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:71697 | P | python3-Jinja2-2.10.1-3.5.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:107302 | P | python3-Jinja2-2.10.1-3.5.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:48985 | P | freerdp-2.0.0~git.1463131968.4e66df7-12.8.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:11064 | P | libsmi-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:11045 | P | libplist++-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49864 | P | python3-tools on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26271 | P | Security update for openconnect (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10983 | P | libbz2-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10937 | P | gstreamer-plugins-bad-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26306 | P | Security update for python-Jinja2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10915 | P | freerdp-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:67691 | P | libldap-2_4-2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10907 | P | eog-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25487 | P | Security update for ovmf (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25434 | P | Security update for dovecot22 (Important) | 2020-12-01
oval:org.opensuse.security:def:25633 | P | Security update for perl-DBI (Important) | 2020-12-01
oval:org.opensuse.security:def:49308 | P | python3-Jinja2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25284 | P | Security update for xrdp (Important) | 2020-12-01
oval:org.opensuse.security:def:25589 | P | Security update for zabbix (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25200 | P | Security update for java-1_8_0-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:25575 | P | Security update for libX11 (Important) | 2020-12-01
oval:org.opensuse.security:def:64357 | P | libnm0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25143 | P | Security update for soundtouch (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26419 | P | Security update for mbedtls (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25062 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:66603 | P | python3-Jinja2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:24935 | P | Security update for screen (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26454 | P | Security update for python-Jinja2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:24871 | P | Security update for postgresql10 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:24860 | P | Security update for libgcrypt (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25635 | P | Security update for tigervnc (Critical) | 2020-12-01
oval:org.opensuse.security:def:73176 | P | liblzo2-2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25582 | P | Security update for libX11 (Important) | 2020-12-01
oval:org.opensuse.security:def:25781 | P | Security update for libqt4 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49918 | P | python2-Jinja2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25432 | P | Security update for ibus (Important) | 2020-12-01
oval:org.opensuse.security:def:25737 | P | Security update for libpng12 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:73294 | P | python3-Jinja2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25348 | P | Security update for ucode-intel (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25723 | P | Security update for apache2-mod_auth_openidc (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25291 | P | Security update for MozillaFirefox (Moderate) | 2020-12-01
oval:org.opensuse.security:def:56321 | P | Security update for ImageMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25210 | P | Security update for unzip (Moderate) | 2020-12-01
oval:org.opensuse.security:def:56213 | P | Security update for gimp (Moderate) | 2020-12-01
oval:org.opensuse.security:def:56606 | P | Security update for mgetty (Important) | 2020-12-01
oval:org.opensuse.security:def:25083 | P | Security update for LibVNCServer (Critical) | 2020-12-01
oval:org.opensuse.security:def:56525 | P | Security update for bluez (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25019 | P | Security update for curl (Important) | 2020-12-01
oval:org.opensuse.security:def:55762 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:56487 | P | Security update for java-1_8_0-openjdk (Important) | 2020-12-01
oval:org.opensuse.security:def:55082 | P | ctags on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:55656 | P | Security update for qemu (Moderate) | 2020-12-01
oval:org.opensuse.security:def:56413 | P | Security update for openslp (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49254 | P | libvmtools-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25008 | P | Security update for perl (Important) | 2020-12-01
oval:org.opensuse.security:def:55483 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:55105 | P | fetchmail on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:55083 | P | cups on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:66511 | P | libpng12-0 on GA media (Moderate) | 2020-12-01
oval:org.mitre.oval:def:26103 | P | USN-2301-1 -- jinja2 vulnerabilities | 2014-09-15
oval:com.ubuntu.precise:def:20140012000 | V | CVE-2014-0012 on Ubuntu 12.04 LTS (precise) - medium. | 2014-05-19
oval:com.ubuntu.trusty:def:20140012000 | V | CVE-2014-0012 on Ubuntu 14.04 LTS (trusty) - medium. | 2014-05-19