Description
Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes.
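The advisory above says that once the OAuth check is bypassed, Flower's REST API is reachable by an anonymous caller. The script below is an added example, not part of this advisory or of the Flower project: it sends unauthenticated GET requests to two of Flower's documented read-only API routes (`/api/workers`, `/api/tasks`) and reports whether the instance handed back data, demanded credentials, or bounced to a login page. It deliberately does not touch the destructive routes the advisory alludes to (`/api/task/send-task/...`, `/api/worker/shutdown/...`), since probing those on a real deployment would itself invoke tasks or stop workers. The target URL, the assumed default port 5555, and the version-range helper are this example's own assumptions.

```python
# Added example (not from the advisory or from Flower): an anonymous probe of
# Flower's documented read-only API routes, plus a check against the
# vulnerable version range listed on this page (versions before 1.2.0).
import sys
import urllib.error
import urllib.request

# Flower's documented read-only API routes. These only enumerate workers and
# tasks, so probing them is safe; the write routes are intentionally not probed.
READ_PATHS = ("/api/workers", "/api/tasks")


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Leave redirects unfollowed so a 302 to /login is reported as such
    instead of being followed to a 200 HTML login page."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe(base_url, path, timeout=5.0):
    """Send one anonymous GET; return (status, content_type).
    Status 0 means the host could not be reached."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(
        base_url.rstrip("/") + path, headers={"Accept": "application/json"}
    )
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Content-Type", "") or ""
    except urllib.error.HTTPError as exc:
        return exc.code, exc.headers.get("Content-Type", "") or ""
    except (urllib.error.URLError, OSError):
        return 0, ""


def assess(status, content_type):
    """Map one probe result to a verdict:
    exposed   - Flower answered an anonymous request with JSON data
    protected - it demanded credentials (401/403) or redirected to a login page
    unknown   - anything else (host down, proxy error, non-JSON 200 such as HTML)
    """
    if status == 200 and "json" in content_type.lower():
        return "exposed"
    if status in (301, 302, 303, 307, 401, 403):
        return "protected"
    return "unknown"


def is_fixed_version(version):
    """True if a Flower version string is >= 1.2.0, the first version outside
    the vulnerable range on this page. Pre-release suffixes (e.g. '1.2.0rc1')
    are ignored, so treat pre-releases of 1.2.0 with care."""
    parts = []
    for piece in version.split("."):
        num = ""
        for ch in piece:
            if not ch.isdigit():
                break
            num += ch
        parts.append(int(num) if num else 0)
    parts += [0] * (3 - len(parts))
    return tuple(parts[:3]) >= (1, 2, 0)


def audit(base_url):
    """Probe each read-only route anonymously and return {path: verdict}."""
    return {path: assess(*probe(base_url, path)) for path in READ_PATHS}


if __name__ == "__main__":
    # Assumed default: Flower listens on port 5555 unless told otherwise.
    target = sys.argv[1] if len(sys.argv) > 1 else "http://localhost:5555"
    for path, verdict in audit(target).items():
        print(f"{verdict:9s} {path}")
```

Any `exposed` verdict on an instance that is supposed to be behind OAuth means anonymous callers can reach the same API surface the advisory describes; an `unknown` verdict (for example a 200 with an HTML body) usually means a reverse proxy or login page answered instead of Flower and needs a manual look.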
References
- Broken Link, URL Repurposed (URL not captured)
- Exploit, Issue Tracking (URL not captured)
- Exploit, Third Party Advisory (URL not captured)
Vulnerable configurations
Configuration 1: versions before 1.2.0 (1.2.0 itself excluded)
cpe:2.3:a:flower_project:flower:*:*:*:*:*:*:*:*
EPSS
Percentile: 45%
Score: 0.00226 (Low)
CVSS3: 8.6 High
CVSS2: 7.5 High
Weaknesses
CWE-287 (Improper Authentication)
Related vulnerabilities
- ubuntu tracker entry (published more than 3 years ago): CVSS3 8.6, same description, scores and CWE as above