QwikSec

Security Database

CVE

CWE

Training

CVE-2017-15288

Published: Nov 15, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/scala/scala/pull/6128

x_refsource_CONFIRM

https://github.com/scala/scala/pull/6120

x_refsource_CONFIRM

https://github.com/scala/scala/pull/6108

x_refsource_CONFIRM

vendor-advisory

x_refsource_GENTOO

http://scala-lang.org/news/security-update-nov17.html

x_refsource_CONFIRM

[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar

mailing-list

x_refsource_MLIST

[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities

mailing-list

x_refsource_MLIST

[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities

mailing-list

x_refsource_MLIST

[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities

mailing-list

x_refsource_MLIST

[kafka-dev] 20210211 [jira] [Created] (KAFKA-12325) Update to secure versions of scala libraries due to CVE-2017-15288

mailing-list

x_refsource_MLIST

[kafka-jira] 20210211 [jira] [Updated] (KAFKA-12325) Is Kafka affected by Scala security vulnerability (CVE-2017-15288)?

mailing-list

x_refsource_MLIST

[kafka-jira] 20210211 [jira] [Created] (KAFKA-12325) Update to secure versions of scala libraries due to CVE-2017-15288

mailing-list

x_refsource_MLIST

[kafka-jira] 20210212 [jira] [Commented] (KAFKA-12325) Is Kafka affected by Scala security vulnerability (CVE-2017-15288)?

mailing-list

x_refsource_MLIST

[kafka-jira] 20210214 [jira] [Commented] (KAFKA-12325) Is Kafka affected by Scala security vulnerability (CVE-2017-15288)?

mailing-list

x_refsource_MLIST

[kafka-jira] 20210215 [jira] [Commented] (KAFKA-12325) Is Kafka affected by Scala security vulnerability (CVE-2017-15288)?

mailing-list

x_refsource_MLIST

[kafka-dev] 20210215 [jira] [Resolved] (KAFKA-12325) Is Kafka affected by Scala security vulnerability (CVE-2017-15288)?

mailing-list

x_refsource_MLIST

[kafka-jira] 20210215 [jira] [Resolved] (KAFKA-12325) Is Kafka affected by Scala security vulnerability (CVE-2017-15288)?

mailing-list

x_refsource_MLIST

[druid-commits] 20210302 [GitHub] [druid] abhishekagarwal87 opened a new pull request #10933: Suppress CVE-2017-15288 and upgrade bcprov-ext-jdk15on

mailing-list

x_refsource_MLIST

[druid-commits] 20210302 [GitHub] [druid] maytasm merged pull request #10933: Suppress CVE-2017-15288 and upgrade bcprov-ext-jdk15on

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.