CVE-2014-0177 : The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users t

The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.

Published 2014-05-27 14:55:11

Updated 2025-04-12 10:46:41

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2014-0177

Github » HUB
Versions up to, including, (<=) 1.12.0
cpe:2.3:a:github:hub:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-0177

EPSS FAQ

0.14%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 30 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-0177

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
3.6	LOW	AV:L/AC:L/Au:N/C:N/I:P/A:P	3.9	4.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2014-0177

CWE-310

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-0177

https://github.com/github/hub/commit/016ec99d25b1cb83cb4367e541177aa431beb600

Use non-predictable filename for downloaded patch file · github/hub@016ec99 · GitHub
Exploit;Patch
http://secunia.com/advisories/58273

Sign in
URL Repurposed

Jump to

Vulnerability Details : CVE-2014-0177

Products affected by CVE-2014-0177

Exploit prediction scoring system (EPSS) score for CVE-2014-0177

CVSS scores for CVE-2014-0177

CWE ids for CVE-2014-0177

References for CVE-2014-0177