CVE-2014-1402
Published May 19, 2014
Last updated 7 years ago
Overview
- Description
- The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.4
- Impact score
- 6.4
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-264
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pocoo:jinja2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C17F89C8-60E2-490D-ADDD-3A3C683DB5EC",
"versionEndIncluding": "2.7.1"
},
{
"criteria": "cpe:2.3:a:pocoo:jinja2:2.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5962EB2E-DAEA-4A50-AFDB-162EEA220974"
},
{
"criteria": "cpe:2.3:a:pocoo:jinja2:2.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "69E6866B-D562-426B-A4FF-C78EDD04D8D3"
},
{
"criteria": "cpe:2.3:a:pocoo:jinja2:2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46E4F0BF-0944-430D-BB84-B42E07F6C8A4"
},
{
"criteria": "cpe:2.3:a:pocoo:jinja2:2.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D164D2AA-4534-48D5-A90F-47C736FC3E6D"
},
{
"criteria": "cpe:2.3:a:pocoo:jinja2:2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9B1BD2C2-88EB-4D86-8832-71E25F545218"
},
{
"criteria": "cpe:2.3:a:pocoo:jinja2:2.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BBE6DFCB-BE4D-4204-B666-D4D1EA2EA753"
},
{
"criteria": "cpe:2.3:a:pocoo:jinja2:2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68085717-AA12-48C8-81AD-DA3ADB17B587"
},
{
"criteria": "cpe:2.3:a:pocoo:jinja2:2.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D5F7F6E7-584C-4F63-B98B-B71D0F3FDB0E"
},
{
"criteria": "cpe:2.3:a:pocoo:jinja2:2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "923F1074-8DB4-454A-BED4-F9BDD080DCC2"
},
{
"criteria": "cpe:2.3:a:pocoo:jinja2:2.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E5F020EA-89C9-4A36-A668-493143335391"
},
{
"criteria": "cpe:2.3:a:pocoo:jinja2:2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4812CCD7-5A95-499A-BE99-DAD88EE14902"
},
{
"criteria": "cpe:2.3:a:pocoo:jinja2:2.5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D4E4836B-3047-40A7-A60B-25EE0C7FB537"
},
{
"criteria": "cpe:2.3:a:pocoo:jinja2:2.5.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "31D6EEDF-76C5-4A79-8035-60940E00E6F8"
},
{
"criteria": "cpe:2.3:a:pocoo:jinja2:2.5.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B95337AF-4991-4AAE-A9EA-BC881B094717"
},
{
"criteria": "cpe:2.3:a:pocoo:jinja2:2.5.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FB314640-C430-4B96-A31E-B98E6F7294F5"
},
{
"criteria": "cpe:2.3:a:pocoo:jinja2:2.5.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "471D23E6-02A3-4390-89F7-4342DA18E3D7"
},
{
"criteria": "cpe:2.3:a:pocoo:jinja2:2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0443DF18-E8AB-461C-BE64-EE0C6F00EE71"
},
{
"criteria": "cpe:2.3:a:pocoo:jinja2:2.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5173B0E3-F80C-4E9D-9487-CD849A93F258"
}
],
"operator": "OR"
}
]
}
]