{"api_version":"1","generated_at":"2026-04-24T20:51:50+00:00","cve":"CVE-2015-3151","urls":{"html":"https://cve.report/CVE-2015-3151","api":"https://cve.report/api/cve/CVE-2015-3151.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-3151","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-3151"},"summary":{"title":"CVE-2015-3151","description":"Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2020-01-14 18:15:00","updated_at":"2023-02-13 00:47:00"},"problem_types":["CWE-22"],"metrics":[],"references":[{"url":"https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b","name":"https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b","refsource":"CONFIRM","tags":["Patch","Third Party Advisory"],"title":"dbus: report invalid element names · abrt/abrt@f3c2a6a · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1214451","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1214451","refsource":"MISC","tags":[],"title":"1214451 – (CVE-2015-3151) CVE-2015-3151 abrt: directory traversals in several D-Bus methods implemented by abrt-dbus","mime":"text/html","httpstatus":"200","archivestatus":"503"},{"url":"https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364","name":"https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364","refsource":"CONFIRM","tags":["Patch","Third Party Advisory"],"title":"lib: add a function checking file names · abrt/libreport@54ecf8d · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932","name":"https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932","refsource":"CONFIRM","tags":["Patch","Third Party Advisory"],"title":"daemon: use libreport's function checking file name · abrt/abrt@c796c76 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151","refsource":"MISC","tags":["Issue Tracking","Third Party Advisory"],"title":"1214451 – (CVE-2015-3151) CVE-2015-3151 abrt: directory traversals in several D-Bus methods implemented by abrt-dbus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2015:1083","name":"https://access.redhat.com/errata/RHSA-2015:1083","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/security/cve/CVE-2015-3151","name":"https://access.redhat.com/security/cve/CVE-2015-3151","refsource":"MISC","tags":[],"title":"access.redhat.com | CVE-2015-3151","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277","name":"https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277","refsource":"CONFIRM","tags":["Patch","Third Party Advisory"],"title":"dd: harden functions against directory traversal issues · abrt/libreport@239c4f7 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3","name":"https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3","refsource":"CONFIRM","tags":["Patch","Third Party Advisory"],"title":"dbus: validate parameters of all calls · abrt/abrt@7a47f57 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-3151","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3151","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"3151","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"automatic_bug_reporting_tool","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"3151","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"automatic_bug_reporting_tool","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2015-3151","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Directory Traversal (Local File Inclusion)"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"ABRT","product":{"product_data":[{"product_name":"ABRT","version":{"version_data":[{"version_affected":"=","version_value":"before 7a47f57975be0d285a2f20758e4572dca6d9cdd3"}]}}]}}]}},"references":{"reference_data":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151"},{"url":"https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3","refsource":"MISC","name":"https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3"},{"url":"https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932","refsource":"MISC","name":"https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932"},{"url":"https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b","refsource":"MISC","name":"https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b"},{"url":"https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277","refsource":"MISC","name":"https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277"},{"url":"https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364","refsource":"MISC","name":"https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364"}]}},"nvd":{"publishedDate":"2020-01-14 18:15:00","lastModifiedDate":"2023-02-13 00:47:00","problem_types":["CWE-22"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:automatic_bug_reporting_tool:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"3151","Ordinal":"80104","Title":"CVE-2015-3151","CVE":"CVE-2015-3151","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"3151","Ordinal":"1","NoteData":"Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method.","Type":"Description","Title":null},{"CveYear":"2015","CveId":"3151","Ordinal":"2","NoteData":"2020-01-14","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"3151","Ordinal":"3","NoteData":"2020-01-14","Type":"Other","Title":"Modified"}]}}}