How severe is CVE-2019-7307?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2019-7307?

This is classified as CWE-367, which is a common weakness in software security.

CVE-2019-7307 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad, or by leveraging some other vulnerability to read the resulting crash report, and so allow the user to read arbitrary files on the system.

Related Vulnerabilities

CVE-2024-2913

MEDIUM

CVSS:6.5(Medium)

A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Attackers can exploit this vulnerability by sending multiple...

CWE-3672024

CVE-2024-51563

MEDIUM

CVSS:6.5(Medium)

The virtio_vq_recordon function is subject to a time-of-check to time-of-use (TOCTOU) race condition.

CWE-3672024

CVE-2020-0358

MEDIUM

CVSS:6.4(Medium)

In SurfaceFlinger, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed ...

CWE-3672020

CVE-2020-11220

MEDIUM

CVSS:6.4(Medium)

While processing storage SCM commands there is a time of check or time of use window where a pointer used could be invalid at a specific time while executing the storage SCM call in Snapdragon Auto, S...

CWE-3672020

CVE-2020-11230

MEDIUM

CVSS:6.4(Medium)

Potential arbitrary memory corruption when the qseecom driver updates ion physical addresses in the buffer as it exposes a physical address to user land in Snapdragon Auto, Snapdragon Compute, Snapdra...

CWE-3672020

CVE-2020-12926

MEDIUM

CVSS:6.4(Medium)

The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM...

CWE-3672020