Description
An issue was discovered in CALDERA 2.8.1. It contains multiple startup "requirements" that execute commands when starting the server. Because these commands can be changed via the REST API, an authenticated user can insert arbitrary commands that will execute when the server is restarted.
References
- Exploit, Third Party Advisory
- Release Notes
- Exploit, Third Party Advisory
- Release Notes
Vulnerable configurations
Configuration 1: versions up to and including 2.8.1
cpe:2.3:a:mitre:caldera:*:*:*:*:*:*:*:*
EPSS: 0.04005 (Low)
Percentile: 88%
CVSS3: 8.8 High
CVSS2: 6.5 Medium
Weaknesses
CWE-77
Related vulnerabilities
github
about 4 years ago
An issue was discovered in CALDERA 2.8.1. It contains multiple startup "requirements" that execute commands when starting the server. Because these commands can be changed via the REST API, an authenticated user can insert arbitrary commands that will execute when the server is restarted.