本頁列出影響 abrt_project abrt 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2026-54231 | A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A local user can inject arbitrary content into the journal output by embedding newline characters in syslog messages, controlling the content that root writes to dump directory files. | [email protected] | 5.5 | 0.12% | 2026-06-12 | 2026-06-29 |
| CVE-2026-54230 | A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the O_NOFOLLOW flag. If the target file is replaced with a symlink, the shell process running as root follows the symlink and writes content to the symlink target, allowing arbitrary file overwrites on the system. | [email protected] | 7.0 | 0.12% | 2026-06-12 | 2026-06-29 |
| CVE-2011-4088 | ABRT might allow attackers to obtain sensitive information from crash reports. | [email protected] | 7.5 | 1.62% | 2020-01-31 | 2026-06-16 |
| CVE-2015-1862 | The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namedspaced environment. | [email protected] | 7.0 | 3.14% | 2018-02-09 | 2026-06-16 |