CVE-2014-8163

Impact:
Moderate
Public Date:
2015-03-03
CWE:
CWE-22
Bugzilla:
1187340: CVE-2014-8163 Satellite5: upload_crash_file and upload_result directory traversal
It was found that an XMLRPC interface exposed by Satellite could allow an attacker to write arbitrary files and directories under the /var/satellite directory on the Satellite server.

Find out more about CVE-2014-8163 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score 4.9
Base Metrics AV:N/AC:M/Au:S/C:N/I:P/A:P
Access Vector Network
Access Complexity Medium
Authentication Single
Confidentiality Impact None
Integrity Impact Partial
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although may not have been subject to full analysis.

Acknowledgements

Red Hat would like to thank Travis Emmert for reporting this issue.
Last Modified