| Vulnerability Name: | CVE-2015-1838 (CCN-131029) | ||||||||||||||||||||||||||||
| Assigned: | 2015-04-17 | ||||||||||||||||||||||||||||
| Published: | 2015-04-17 | ||||||||||||||||||||||||||||
| Updated: | 2017-04-19 | ||||||||||||||||||||||||||||
| Summary: | modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. | ||||||||||||||||||||||||||||
| CVSS v3 Severity: | 5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) 4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||||||
| CVSS v2 Severity: | 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-19 | ||||||||||||||||||||||||||||
| Vulnerability Consequences: | Unknown | ||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2015-1838 Source: FEDORA Type: Third Party Advisory FEDORA-2016-105b3b8804 Source: CCN Type: Red Hat Bugzilla Bug 1212784 CVE-2015-1838 salt: insecure /tmp file handling in salt/modules/serverdensity_device.py Source: CONFIRM Type: Issue Tracking, Patch https://bugzilla.redhat.com/show_bug.cgi?id=1212784 Source: CCN Type: SALTSTACK Web site Salt 2014.7.4 Release Notes Source: CONFIRM Type: Release Notes, Vendor Advisory https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html Source: XF Type: UNKNOWN saltstack-cve20151838-unspecified(131029) Source: CONFIRM Type: Issue Tracking, Patch, Third Party Advisory https://github.com/saltstack/salt/commit/e11298d7155e9982749483ca5538e46090caef9c | ||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||