CVE-2015-3171

Published: Jul 25, 2017Modified: May 13, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive.

Affected (1)

Products: Sos Project: Sos

Sos Project

1 product

Sos

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sos Project Sos	Version 3.2

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://bugzilla.redhat.com/show_bug.cgi?id=1218658

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://github.com/sosreport/sos/commit/d7759d3ddae5fe99a340c88a1d370d65cfa73fd6

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1218658

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://github.com/sosreport/sos/commit/d7759d3ddae5fe99a340c88a1d370d65cfa73fd6

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.