Описание
The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server).
Ссылки
- Vendor Advisory
- Vendor Advisory
- Patch
- Vendor Advisory
- Vendor Advisory
- Patch
Уязвимые конфигурации
Одно из
EPSS
9 Critical
CVSS2
Дефекты
Связанные уязвимости
The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server). This is very similar to a flaw discovered last year in a large number of other plugins; this instance was not fixed at that time because Trigger uses a different method to invoke external shell commands, and because Trigger previously hid all errors from trigger scripts, so tests did not find the issue. As a side effect of this change, Trigger will begin reporting errors from triggered scripts. This only affects the Trigger plugin; if you are not using Trigger, you are not affected by this flaw. As a workaround, you can disable Trigger until you are able to upgrade."
The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers ...
The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server).
EPSS
9 Critical
CVSS2