{"id":"CVE-2015-7529","details":"sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.","aliases":["GHSA-3g56-2hh3-35ph","PYSEC-2017-73"],"modified":"2026-04-10T03:46:27.635044Z","published":"2017-11-06T17:29:00Z","references":[{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-0152.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-0188.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/83162"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2845-1"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2016:0152"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2016:0188"},{"type":"ADVISORY","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282542"},{"type":"ADVISORY","url":"https://github.com/sosreport/sos/issues/696"},{"type":"FIX","url":"https://github.com/sosreport/sos/issues/696"},{"type":"REPORT","url":"http://www.ubuntu.com/usn/USN-2845-1"},{"type":"REPORT","url":"https://access.redhat.com/errata/RHSA-2016:0152"},{"type":"REPORT","url":"https://access.redhat.com/errata/RHSA-2016:0188"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1282542"},{"type":"REPORT","url":"https://github.com/sosreport/sos/issues/696"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}