NVD

Id
28968  
Name
CVE-2014-0012  
Description
FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user"s uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402.  
Reject
 
CVSS Version
2  
CVSS Score
4.4  
Severity
Medium  
CVSS Base Score
4.4  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
3.4  
CVSS Vector
(AV:L/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2014-05-19  
Modified Date
2015-12-14  
Seq
2014-0012  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
152698 28968 CVE-2014-0012 [oss-security] 20140110 CVE assignment for jinja2  View
152699 28968 CVE-2014-0012 GLSA-201408-13  View
152700 28968 CVE-2014-0012 https://bugzilla.redhat.com/show_bug.cgi?id=1051421  View
152701 28968 CVE-2014-0012 https://github.com/mitsuhiko/jinja2/commit/acb672b6a179567632e032f547582f30fa2f4aa7  View
152702 28968 CVE-2014-0012 https://github.com/mitsuhiko/jinja2/pull/292  View
152703 28968 CVE-2014-0012 https://github.com/mitsuhiko/jinja2/pull/296  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
13683 JVNDB-2014-002558 Jinja2 の FileSystemBytecodeCache における権限を取得される脆弱性 Jinja2 の FileSystemBytecodeCache は、適切に一時ディレクトリを作成しないため、権限を取得される脆弱性が存在します。 CVE-2014-0012 67413 CVE-2014-0012 28968 4.4 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-002558.html 2014-01-10 2014-12-25 View