Описание
A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Issue TrackingPatch
- Third Party Advisory
- Third Party Advisory
- Issue TrackingPatch
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:heketi_project:heketi:5.0:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
EPSS
Процентиль: 77%
0.01019
Низкий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-78
CWE-20
Связанные уязвимости
CVSS3: 8.8
redhat
около 8 лет назад
A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation.
CVSS3: 8.8
debian
около 8 лет назад
A security-check flaw was found in the way the Heketi 5 server API han ...
EPSS
Процентиль: 77%
0.01019
Низкий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-78
CWE-20