ubuntucve | Ubuntu.com | UB:CVE-2014-1402
May 19, 2014 - 12:00 a.m.

CVE-2014-1402


CVSS2: 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0
Percentile: 10.1%

The default configuration for bccache.FileSystemBytecodeCache in Jinja2
before 2.7.2 does not properly create temporary files, which allows local
users to gain privileges via a crafted .cache file with a name starting
with _jinja2 in /tmp.

Notes

Author: mdeslaur
Note: upstream commit below included in 2.7.2 introduces a temp file issue, which is CVE-2014-0012

OS     | Version | Architecture | Package | Version          | Filename
ubuntu | 12.04   | noarch       | jinja2  | < 2.6-1ubuntu0.1 | UNKNOWN
