{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2019-11481","assignerOrgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","assignerShortName":"canonical","dateUpdated":"2024-09-16T23:25:27.956Z","dateReserved":"2019-04-23T00:00:00.000Z","datePublished":"2020-02-08T04:50:21.892Z"},"containers":{"cna":{"title":"Apport reads arbitrary files if ~/.config/apport/settings is a symlink","datePublic":"2019-10-29T00:00:00.000Z","providerMetadata":{"orgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","shortName":"canonical","dateUpdated":"2023-06-12T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences."}],"affected":[{"vendor":"Canonical","product":"apport","versions":[{"version":"2.14.1","status":"affected","lessThan":"2.14.1-0ubuntu3.29+esm2","versionType":"custom"},{"version":"2.20.1","status":"affected","lessThan":"2.20.1-0ubuntu2.20","versionType":"custom"},{"version":"2.20.9","status":"affected","lessThan":"2.20.9-0ubuntu7.8","versionType":"custom"},{"version":"2.20.11","status":"affected","lessThan":"2.20.11-0ubuntu8.1","versionType":"custom"}]}],"references":[{"url":"https://usn.ubuntu.com/usn/usn-4171-1"},{"url":"https://usn.ubuntu.com/usn/usn-4171-2"},{"url":"http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"}],"credits":[{"lang":"en","value":"Kevin Backhouse"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":3.8,"baseSeverity":"LOW"}}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Read user data with administrator privileges"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"advisory":"https://usn.ubuntu.com/usn/usn-4171-1","defect":["https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1830862"],"discovery":"EXTERNAL"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T22:55:40.657Z"},"title":"CVE Program Container","references":[{"url":"https://usn.ubuntu.com/usn/usn-4171-1","tags":["x_transferred"]},{"url":"https://usn.ubuntu.com/usn/usn-4171-2","tags":["x_transferred"]},{"url":"http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html","tags":["x_transferred"]}]}]}}