本页列出影响 abrt_project abrt 的已公开 CVE 漏洞(通过 NVD CPE 关联)。每行包含严重程度评分、摘要与发布日期,便于识别与分析安全问题。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2026-54231 | A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A local user can inject arbitrary content into the journal output by embedding newline characters in syslog messages, controlling the content that root writes to dump directory files. | [email protected] | 5.5 | 0.12% | 2026-06-12 | 2026-06-29 |
| CVE-2026-54230 | A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the O_NOFOLLOW flag. If the target file is replaced with a symlink, the shell process running as root follows the symlink and writes content to the symlink target, allowing arbitrary file overwrites on the system. | [email protected] | 7.0 | 0.12% | 2026-06-12 | 2026-06-29 |
| CVE-2011-4088 | ABRT might allow attackers to obtain sensitive information from crash reports. | [email protected] | 7.5 | 1.62% | 2020-01-31 | 2026-06-16 |
| CVE-2015-1862 | The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namedspaced environment. | [email protected] | 7.0 | 3.14% | 2018-02-09 | 2026-06-16 |