{"api_version":"1","generated_at":"2026-04-24T20:52:37+00:00","cve":"CVE-2015-3150","urls":{"html":"https://cve.report/CVE-2015-3150","api":"https://cve.report/api/cve/CVE-2015-3150.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-3150","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-3150"},"summary":{"title":"CVE-2015-3150","description":"abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2020-01-14 18:15:00","updated_at":"2023-02-13 00:47:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2015-3150","name":"https://access.redhat.com/security/cve/CVE-2015-3150","refsource":"MISC","tags":[],"title":"access.redhat.com | CVE-2015-3150","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1214457","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1214457","refsource":"MISC","tags":["Issue Tracking","Third Party Advisory"],"title":"1214457 – (CVE-2015-3150) CVE-2015-3150 abrt: abrt-dbus does not guard against crafted problem directory path arguments","mime":"text/html","httpstatus":"200","archivestatus":"503"},{"url":"https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1","name":"https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"dbus: avoid race-conditions in tests for dum dir availability · abrt/abrt@7814554 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75","name":"https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"lib: fix races in dump directory handling code · abrt/libreport@1951e72 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2015:1083","name":"https://access.redhat.com/errata/RHSA-2015:1083","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7","name":"https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"lib: add functions validating dump dir · abrt/abrt@b7f8bd2 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8","name":"https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"dbus: process only valid sub-directories of the dump location · abrt/abrt@6e811d7 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-3150","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3150","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"3150","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"automatic_bug_reporting_tool","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"3150","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"automatic_bug_reporting_tool","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2015-3150","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Other"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"ABRT","product":{"product_data":[{"product_name":"ABRT","version":{"version_data":[{"version_affected":"=","version_value":"before 1951e7282043dfe1268d492aea056b554baedb75"}]}}]}}]}},"references":{"reference_data":[{"url":"https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8","refsource":"MISC","name":"https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8"},{"url":"https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1","refsource":"MISC","name":"https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1"},{"url":"https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7","refsource":"MISC","name":"https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7"},{"url":"https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75","refsource":"MISC","name":"https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1214457","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1214457"}]}},"nvd":{"publishedDate":"2020-01-14 18:15:00","lastModifiedDate":"2023-02-13 00:47:00","problem_types":["CWE-20"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":7.1,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:automatic_bug_reporting_tool:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"3150","Ordinal":"80103","Title":"CVE-2015-3150","CVE":"CVE-2015-3150","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"3150","Ordinal":"1","NoteData":"abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method.","Type":"Description","Title":null},{"CveYear":"2015","CveId":"3150","Ordinal":"2","NoteData":"2020-01-14","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"3150","Ordinal":"3","NoteData":"2020-01-14","Type":"Other","Title":"Modified"}]}}}