Описание
The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory.
Ссылки
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.4-19.10 (исключая)
cpe:2.3:a:amazon:amazon_web_services_cloudformation_bootstrap:*:*:*:*:*:*:*:*
EPSS
Процентиль: 39%
0.00173
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-269
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory.
EPSS
Процентиль: 39%
0.00173
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-269