Remote Code Execution Vulnerability in Fedora Atomic by Red Hat
CVE-2015-3229

5.9MEDIUM

Key Information:

Vendor
Fedoraproject
Status
Spin-kickstarts
Vendor
CVE Published:
16 October 2017

Summary

The vulnerability exists in the method Fedora Atomic utilizes to download updates over HTTP, enabling remote attackers to intercept and manipulate the data during transfer. This flaw can lead to potential unauthorized code execution and exposure of sensitive information, highlighting the importance of securing communication channels through protocols like HTTPS.

References

http://www.openwall.com/lists/oss-security/2015/06/12/8
mailing-listx_refsource_MLIST
https://lists.fedoraproject.org/archives/list/spins%40lis...
mailing-listx_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=1231800
x_refsource_CONFIRM

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.