Описание
Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | released | 2.92-2ubuntu3.1 |
| devel | released | 2.92-3ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [2.82-1.1ubuntu3.2]] |
| esm-infra/xenial | released | 2.84-3ubuntu3.1 |
| precise/esm | DNE | |
| trusty | released | 2.82-1.1ubuntu3.2 |
| trusty/esm | DNE | trusty was released [2.82-1.1ubuntu3.2] |
| upstream | needs-triage | |
| xenial | released | 2.84-3ubuntu3.1 |
Показывать по
Ссылки на источники
EPSS
6.8 Medium
CVSS2
8.8 High
CVSS3
Связанные уязвимости
Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.
Transmission through 2.92 relies on X-Transmission-Session-Id (which i ...
Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.
EPSS
6.8 Medium
CVSS2
8.8 High
CVSS3