Vulnerability Details CVE-2015-1327
Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd which would then send a copy of that file to another app.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.8%
CVSS Severity
CVSS v3 Score 3.9
CVSS v2 Score 4.3
References
Products affected by CVE-2015-1327
-
cpe:2.3:o:canonical:ubuntu_linux:15.04