CVE-2015-5302

Published: Dec 7, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

libreport 2.0.7 before 2.6.3 only saves changes to the first file when editing a crash report, which allows remote attackers to obtain sensitive information via unspecified vectors related to the (1) backtrace, (2) cmdline, (3) environ, (4) open_fds, (5) maps, (6) smaps, (7) hostname, (8) remote, (9) ks.cfg, or (10) anaconda-tb file attachment included in a Red Hat Bugzilla bug report.

Affected (24)

Products: Redhat: Libreport

Redhat

1 product

Libreport

Configuration A

24 vulnerable

Vulnerable Software	Affected Versions
Redhat Libreport	Version 2.0.10
Redhat Libreport	Version 2.0.14
Redhat Libreport	Version 2.0.16
Redhat Libreport	Version 2.0.19
Redhat Libreport	Version 2.0.20
Redhat Libreport	Version 2.0.8
Redhat Libreport	Version 2.0.9
Redhat Libreport	Version 2.1.0
Redhat Libreport	Version 2.1.10
Redhat Libreport	Version 2.1.11
Redhat Libreport	Version 2.1.1
Redhat Libreport	Version 2.1.2
Redhat Libreport	Version 2.1.3
Redhat Libreport	Version 2.1.4
Redhat Libreport	Version 2.1.5
Redhat Libreport	Version 2.1.6
Redhat Libreport	Version 2.1.7
Redhat Libreport	Version 2.1.8
Redhat Libreport	Version 2.1.9
Redhat Libreport	Version 2.2.2
Redhat Libreport	Version 2.2.3
Redhat Libreport	Version 2.3.0
Redhat Libreport	Version 2.5.1
Redhat Libreport	Version 2.6.2