What is CVE-2015-5313?

CVE-2015-5313 is a low-severity vulnerability in Redhat Libvirt, classified under Path Traversal. CVSS score: 2.5/10. Published 2016-04-11.

How severe is CVE-2015-5313?

Low severity. CVSS v3 base score is 2.5 out of 10.

Is CVE-2015-5313 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Redhat Libvirt

CVE-2015-5313

Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL b…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.001 (18.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.5 (Low). Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N.

Affected products

Redhat Libvirt
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

Live-Hack-CVE/CVE-2015-5313

References

secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM)
90913 (vdb-entry, x_refsource_BID)
[libvirt] 20151211 [PATCH] CVE-2015-5313: storage: don't allow '/' in filesystem volume names (mailing-list, x_refsource_MLIST)
FEDORA-2015-30b347dff1 (x_refsource_FEDORA, vendor-advisory)
GLSA-201612-10 (vendor-advisory, x_refsource_GENTOO)
RHSA-2016:2577 (x_refsource_REDHAT, vendor-advisory)

Frequently asked questions

What is CVE-2015-5313?: CVE-2015-5313 is a low-severity vulnerability in Redhat Libvirt, classified under Path Traversal. CVSS score: 2.5/10. Published 2016-04-11.
How severe is CVE-2015-5313?: Low severity. CVSS v3 base score is 2.5 out of 10.
Is CVE-2015-5313 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.