CVE-2015-1341 HIGH

CVE-2015-1341: Apport privilege escalation through Python module imports

Vendor Ubuntu

Product Apport

Published April 22, 2019

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

7.4/10

Attack vector Physical

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

Description

Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path.

Key dates

Disclosure timeline

April 22, 2019 CVE published

September 16, 2024 Record updated

Identifiers

CVE CVE-2015-1341

CVSS 7.4 / HIGH

Affected versions

Vendor Ubuntu

Product Apport

Affected ≥ unspecified and < 2.0.1-0ubuntu17.13

Vendor Ubuntu

Product Apport

Affected ≥ unspecified and < 2.19.1-0ubuntu4

Vendor Ubuntu

Product Apport

Affected ≥ unspecified and < 2.17.2-0ubuntu1.7

Vendor Ubuntu

Product Apport

Affected ≥ unspecified and < 2.14.1-0ubuntu3.18

Vendor Ubuntu

Product Apport

Affected ≥ unspecified and < 2.19.2