{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47515", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-09-25T19:03:05.110Z", "datePublished": "2024-12-24T03:26:31.136Z", "dateUpdated": "2025-02-06T08:29:38.924Z"}, "containers": {"cna": {"title": "Pagure: generate_archive() follows symbolic links in temporary clones", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Pagure. Support of symbolic links during repository archiving of repositories allows the disclosure of local files. This flaw allows a malicious user to take advantage of the Pagure instance."}], "affected": [{"versions": [{"status": "affected", "version": "5.14.1"}], "packageName": "pagure", "collectionURL": "https://pagure.io/pagure"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-47515", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2315806", "name": "RHBZ#2315806", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2024-10-01T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-61", "description": "UNIX Symbolic Link (Symlink) Following", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-61: UNIX Symbolic Link (Symlink) Following", "timeline": [{"lang": "en", "time": "2024-10-01T01:23:36.259000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-10-01T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-02-06T08:29:38.924Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-24T15:42:11.578168Z", "id": "CVE-2024-47515", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-24T15:42:35.035Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47515", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-12-24T15:42:11.578168Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-24T15:42:31.575Z"}}], "cna": {"title": "Pagure: generate_archive() follows symbolic links in temporary clones", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"versions": [{"status": "affected", "version": "5.14.1"}], "packageName": "pagure", "collectionURL": "https://pagure.io/pagure"}], "timeline": [{"lang": "en", "time": "2024-10-01T01:23:36.259000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-10-01T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-10-01T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-47515", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2315806", "name": "RHBZ#2315806", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Pagure. Support of symbolic links during repository archiving of repositories allows the disclosure of local files. This flaw allows a malicious user to take advantage of the Pagure instance."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-61", "description": "UNIX Symbolic Link (Symlink) Following"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-02-06T08:29:38.924Z"}, "x_redhatCweChain": "CWE-61: UNIX Symbolic Link (Symlink) Following"}}, "cveMetadata": {"cveId": "CVE-2024-47515", "state": "PUBLISHED", "dateUpdated": "2025-02-06T08:29:38.924Z", "dateReserved": "2024-09-25T19:03:05.110Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-12-24T03:26:31.136Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Pagure. Support of symbolic links during repository archiving of repositories allows the disclosure of local files. This flaw allows a malicious user to take advantage of the Pagure instance."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Pagure. El soporte de enlaces simb\u00f3licos durante el archivado de repositorios permite la divulgaci\u00f3n de archivos locales. Esta falla permite que un usuario malintencionado aproveche la instancia de Pagure."}], "id": "CVE-2024-47515", "lastModified": "2025-02-06T09:15:11.257", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-12-24T04:15:05.750", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-47515"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2315806"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-61"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{}