Описание
Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Enterprise 1 | rubygem-openshift-origin-node | Affected | ||
| Red Hat OpenShift Enterprise 2.0 | rubygem-openshift-origin-node | Fixed | RHSA-2014:0529 | 21.05.2014 |
| Red Hat OpenShift Enterprise 2.1 | rubygem-openshift-origin-node | Fixed | RHSA-2014:0530 | 21.05.2014 |
Показывать по
10
Дополнительная информация
Статус:
Important
Дефект:
CWE-73->CWE-78
https://bugzilla.redhat.com/show_bug.cgi?id=1096955OpenShift: downloadable cartridge source url file command execution as root
7.2 High
CVSS2
Связанные уязвимости
nvd
около 11 лет назад
Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme.
github
больше 3 лет назад
Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme.
7.2 High
CVSS2