Skip to main content

Rsyslog CVE-2015-3243

MEDIUM
Insertion of Sensitive Information into Log File (CWE-532)
2017-07-25 secalert@redhat.com
5.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 25, 2017 - 18:29 cve.org
MEDIUM 5.5

DescriptionCVE.org

rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.

AnalysisAI

rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-532. rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron. Affected products include: Rsyslog.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2015-3243 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy