CVE-2014-1402

python-jinja2: FileSystemBytecodeCache insecure cache temporary file use

Severity Score

4.4
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp.

*Credits: N/A
CVSS Scores
  • Attack Vector: Local
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2014-01-10 CVE Reserved
  • 2014-05-19 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
  • CWE-377: Insecure Temporary File
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|--------|---------|---------|-------|--------|
| Pocoo | Jinja2 | <= 2.7.1 | - | Affected |
| Pocoo | Jinja2 | 2.0 | - | Affected |
| Pocoo | Jinja2 | 2.0 | rc1 | Affected |
| Pocoo | Jinja2 | 2.1 | - | Affected |
| Pocoo | Jinja2 | 2.1.1 | - | Affected |
| Pocoo | Jinja2 | 2.2 | - | Affected |
| Pocoo | Jinja2 | 2.2.1 | - | Affected |
| Pocoo | Jinja2 | 2.3 | - | Affected |
| Pocoo | Jinja2 | 2.3.1 | - | Affected |
| Pocoo | Jinja2 | 2.4 | - | Affected |
| Pocoo | Jinja2 | 2.4.1 | - | Affected |
| Pocoo | Jinja2 | 2.5 | - | Affected |
| Pocoo | Jinja2 | 2.5.1 | - | Affected |
| Pocoo | Jinja2 | 2.5.2 | - | Affected |
| Pocoo | Jinja2 | 2.5.3 | - | Affected |
| Pocoo | Jinja2 | 2.5.4 | - | Affected |
| Pocoo | Jinja2 | 2.5.5 | - | Affected |
| Pocoo | Jinja2 | 2.6 | - | Affected |
| Pocoo | Jinja2 | 2.7 | - | Affected |