CVE-2015-1327 LOW

CVE-2015-1327: Content-hub DBUS API doesn't prevent confined apps from passing paths to files without access

Vendor Ubuntu
Product Content Hub
Published April 22, 2019
Last update September 16, 2024

CVSS base score

3.9/10
Attack vector Physical
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd which would then send a copy of that file to another app.

Key dates

02Disclosure timeline

April 22, 2019 CVE published
September 16, 2024 Record updated