CVE-2019-14868

Published: 02 Apr 2020
Source: ubuntu
Priority: low
EPSS: Low
CVSS2: 7.2
CVSS3: 7.4

Description

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.

| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | DNE | |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | not-affected | 2020.0.0-5 |
| esm-apps/xenial | needs-triage | |
| esm-infra-legacy/trusty | released | 93u+20120801-1ubuntu0.14.04.1+esm1 |
| focal | not-affected | 2020.0.0-5 |
| groovy | not-affected | 2020.0.0-5 |

EPSS: 0.00204 (percentile: 42%, Low)
CVSS2: 7.2 High
CVSS3: 7.4 High

Related vulnerabilities

CVSS3: 7.4
redhat
about 6 years ago

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.

CVSS3: 7.4
nvd
almost 6 years ago

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.

CVSS3: 7.4
debian
almost 6 years ago

In ksh version 20120801, a flaw was found in the way it evaluates cert ...

suse-cvrf
more than 1 year ago

Security update for ksh

CVSS3: 7.8
github
more than 3 years ago

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.
