CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
10.1%
FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary
directories, which allows local users to gain privileges by pre-creating a
temporary directory with a user’s uid. NOTE: this vulnerability exists
because of an incomplete fix for CVE-2014-1402.
Author | Note |
---|---|
mdeslaur | Introduced in 2.7.2, and in CVE-2014-1402 security fix. 2.7.2-2 in trusty switches to tempfile.mkdtemp which fixes the security issue, but isn’t an ideal fix for proper caching. |