Base Score

HIGH7.1

CVE-2014-2277

The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpnam function.

VectorLOCAL

Published Bycve@mitre.org

Published DateOct 17, 2017, 15:29

Weakness Type (CWE):CWE-284

CVSS Metrics

Base Score

7.1

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

NONE

References

http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130464.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130479.html
http://www.openwall.com/lists/oss-security/2014/03/09/1
http://www.securityfocus.com/bid/66139
https://bugzilla.redhat.com/show_bug.cgi?id=1074720
https://exchange.xforce.ibmcloud.com/vulnerabilities/92104

Base Score

HIGH7.1

Weakness Type (CWE):CWE-284

CVSS Metrics

Base Score

7.1

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

NONE