CVE-2015-1327
Last modified
CVE-2015-1327 is a vulnerability of currently unknown severity. Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd which would then send a copy of that file to another app.. EPSS estimates a 0.80% chance of exploitation in the next 30 days.
Description
Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd which would then send a copy of that file to another app.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Ubuntu Linux | 15.04 |
References
- https://bazaar.launchpad.net/~phablet-team/content-hub/trunk/revision/212Third Party Advisory
- https://bazaar.launchpad.net/~phablet-team/content-hub/trunk/revision/212Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-1327?
How severe is CVE-2015-1327?
How do I fix CVE-2015-1327?
Are you affected by CVE-2015-1327?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST