Описание
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with `glances -w`, exposing REST API with sensitive system information including process command-lines containing credentials (passwords, API keys, tokens) to any network client. Version 4.5.2 fixes the issue.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| glances | fixed | 4.5.2+dfsg-1 | package |
Примечания
https://github.com/nicolargo/glances/security/advisories/GHSA-wvxv-4j8q-4wjq
Fixed by: https://github.com/nicolargo/glances/commit/fb0263af0c2d06f87667eb804bc8e147f243aa5c (v4.5.2)
EPSS
Связанные уязвимости
(Glances is an open-source system cross-platform monitoring tool. Prior ...)
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with `glances -w`, exposing REST API with sensitive system information including process command-lines containing credentials (passwords, API keys, tokens) to any network client. Version 4.5.2 fixes the issue.
EPSS