Описание
Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability. Upon launching Remote Code Execution from the Notebook, users can then use that to subsequently escape the running context sandbox and proceed to access internal Zepl assets including cloud metadata services.
Ссылки
- ProductVendor Advisory
- Mailing ListThird Party Advisory
- ProductVendor Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2021-10-25 (исключая)
cpe:2.3:a:zepl:zepl:*:*:*:*:*:*:*:*
EPSS
Процентиль: 86%
0.02852
Низкий
9.9 Critical
CVSS3
6.5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 9.9
github
почти 4 года назад
All pervious versions before October 25, 2021 of Zepl Notebooks are affeced by a sandbox escape vulnerability. Upon launching Remote Code Execution from the Notebook, users can then use that to subsequently escape the running context sandbox and proceed to access internal Zepl assets including cloud metadata services.
EPSS
Процентиль: 86%
0.02852
Низкий
9.9 Critical
CVSS3
6.5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo