exploitDog

CVE-2024-28718

Опубликовано: 12 апр. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component.

Ссылки

https://bugs.launchpad.net/magnum/+bug/2047690
Exploit
Issue Tracking
Patch
https://gist.github.com/Fewword/f098d8d6375ac25e27b18c0e57be532f
Third Party Advisory
https://review.opendev.org/c/openstack/magnum/+/907305
Patch
https://bugs.launchpad.net/magnum/+bug/2047690
Exploit
Issue Tracking
Patch
https://gist.github.com/Fewword/f098d8d6375ac25e27b18c0e57be532f
Third Party Advisory
https://review.opendev.org/c/openstack/magnum/+/907305
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openstack:magnum:-:*:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.0063

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-367

Связанные уязвимости

CVE-2024-28718

CVSS3: 9.8

ubuntu

почти 2 года назад

An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component.

GHSA-jx7x-9r98-h5xr

CVSS3: 6.3

github

почти 2 года назад

OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack

EPSS

Процентиль: 70%

0.0063

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-367