exploitDog

CVE-2024-30247

Опубликовано: 29 мар. 2024

Источник: nvd

CVSS3: 10

CVSS3: 9.8

EPSS Низкий

Описание

NextcloudPi is a ready to use image for Virtual Machines, Raspberry Pi, Odroid HC1, Rock64 and other boards. A command injection vulnerability in NextCloudPi allows command execution as the root user via the NextCloudPi web-panel. Due to a security misconfiguration this can be used by anyone with access to NextCloudPi web-panel, no authentication is required. It is recommended that the NextCloudPi is upgraded to 1.53.1.

Ссылки

https://github.com/nextcloud/nextcloudpi/security/advisories/GHSA-m597-72v7-j982
Vendor Advisory
https://github.com/nextcloud/nextcloudpi/security/advisories/GHSA-m597-72v7-j982
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nextcloud:nextcloudpi:*:*:*:*:*:*:*:*

Версия до 1.53.1 (исключая)

EPSS

Процентиль: 80%

0.01339

Низкий

10 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-78

CWE-78

EPSS

Процентиль: 80%

0.01339

Низкий

10 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-78

CWE-78