cvedb.io
CVE-2015-5313
LOW · CVSS 2.5
EPSS exploitation probability: 0%
Published 2016-04-11T21:59:04.100 · Last modified 2026-06-17T00:28:54.683

Summary

Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.

Affected products

redhat — libvirt

Does this affect you?

Add your gear to cvedb and we'll alert you only when redhat ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.