Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-15103

Опубликовано: 18 дек. 2017
Источник: redhat
CVSS3: 8.8
EPSS Низкий

Описание

A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation.

A security-check flaw was found in the way the Heketi server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation.

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-78
https://bugzilla.redhat.com/show_bug.cgi?id=1510147heketi: OS command injection in heketi API

EPSS

Процентиль: 77%
0.01019
Низкий

8.8 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2017-15103

CVSS3: 8.8
nvd
около 8 лет назад

A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation.

debian логотип

CVE-2017-15103

CVSS3: 8.8
debian
около 8 лет назад

A security-check flaw was found in the way the Heketi 5 server API han ...

github логотип

GHSA-6g56-v9qg-jp92

CVSS3: 8.8
github
почти 2 года назад

Heketi Arbitrary Code Execution

EPSS

Процентиль: 77%
0.01019
Низкий

8.8 High

CVSS3