Описание
A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration (SSH keys, tokens, etc.) from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333.
EPSS
Процентиль: 51%
0.0028
Низкий
9 Critical
CVSS3
Дефекты
CWE-306
Связанные уязвимости
CVSS3: 9
github
26 дней назад
A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration (SSH keys, tokens, etc.) from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333.
EPSS
Процентиль: 51%
0.0028
Низкий
9 Critical
CVSS3
Дефекты
CWE-306