Description
OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and escalate permissions when root later runs the daemon. Version 0.9.4 contains a fix for the issue.
Vulnerable configurations
Configuration 1: versions before 0.9.4 (exclusive)
cpe:2.3:a:thinkst:opencanary:*:*:*:*:*:*:*:*
EPSS: 0.00186 (Low), percentile: 40%
CVSS3: 7.8 High
Weaknesses
CWE-863
Related vulnerabilities
CVSS3: 7.8
github
more than 1 year ago
OpenCanary Executes Commands From Potentially Writable Config File