Vulnerability CVE-2014-0177
Published: 2014-05-27

Description:
The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.

Type:

CWE-310

 (Cryptographic Issues)

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.6/10
4.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial
Affected software
Hub project -> HUB 

 References:
https://github.com/github/hub/commit/016ec99d25b1cb83cb4367e541177aa431beb600
http://secunia.com/advisories/58273
Copyright 2024, cxsecurity.com

 

Back to Top