VDB
CVE-2016-9595
CVE-2016-9595
PUBLISHED
CVSS 7.3 HIGH
Reported by redhat · Published July 27, 2018
A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.
Risk Scores
CVSS 3.0
7.3
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Foreman | katello-debug | 3.4.0 |
| Foreman | katello-debug | 3.4.0, 3.4.0 |
Timeline
- Jul 27, 2018 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- RHSA-2018:0336 vendor-advisoryx_refsource_REDHAT
- x_refsource_CONFIRM