CVE-2015-7314

Published: Oct 6, 2015Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by leveraging the lack of a certain temporary-file check.

Affected (1)

Products: Gollum Project: Gollum

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gollum Project Gollum	Up to 4.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://jvn.jp/en/jp/JVN27548431/index.html

Source: cve@mitre.org

Vendor Advisory

http://jvndb.jvn.jp/jvndb/JVNDB-2015-000149

Source: cve@mitre.org

Vendor Advisory

http://www.openwall.com/lists/oss-security/2015/09/22/12

Source: cve@mitre.org

https://github.com/gollum/gollum/commit/ce68a88293ce3b18c261312392ad33a88bb69ea1

Source: cve@mitre.org

Patch

https://github.com/gollum/gollum/issues/1070

Source: cve@mitre.org

PatchVendor Advisory

http://jvn.jp/en/jp/JVN27548431/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://jvndb.jvn.jp/jvndb/JVNDB-2015-000149

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.openwall.com/lists/oss-security/2015/09/22/12

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/gollum/gollum/commit/ce68a88293ce3b18c261312392ad33a88bb69ea1

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/gollum/gollum/issues/1070

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.