CVE-2015-4155
GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file.
Published
2015-06-02T14:59:14.973
Last Modified
2025-04-12T10:46:40.837
Status
Deferred
Source
[email protected]
Severity
CVSSv2: 3.6 (LOW)
CVSSv2 Vector
AV:L/AC:L/Au:N/C:N/I:P/A:P
- Access Vector: LOCAL
- Access Complexity: LOW
- Authentication: NONE
- Confidentiality Impact: NONE
- Integrity Impact: PARTIAL
- Availability Impact: PARTIAL
Exploitability Score
3.9
Impact Score
4.9
Weaknesses
Affected Vendors & Products
Type |
Vendor |
Product |
Version/Range |
Vulnerable? |
Application |
gnu
|
parallel
|
≤ 20150322 |
Yes
|
References