Описание
The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges.
EPSS
Процентиль: 21%
0.00067
Низкий
8.8 High
CVSS3
Дефекты
CWE-272
Связанные уязвимости
CVSS3: 8.8
github
13 дней назад
The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges.
EPSS
Процентиль: 21%
0.00067
Низкий
8.8 High
CVSS3
Дефекты
CWE-272