Опубликовано: 12 янв. 2021
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 7.2
CVSS3: 7.8
Описание
An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | released | 4.2.1-2 |
| esm-apps/bionic | needed | |
| esm-apps/noble | released | 4.2.1-2 |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/focal | released | 4.2.0-2ubuntu1.1 |
| esm-infra/xenial | needed | |
| focal | released | 4.2.0-2ubuntu1.1 |
| groovy | ignored | end of life |
| hirsute | ignored | end of life |
Показывать по
10
EPSS
Процентиль: 14%
0.00045
Низкий
7.2 High
CVSS2
7.8 High
CVSS3
Связанные уязвимости
CVSS3: 7.8
nvd
около 5 лет назад
An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges.
CVSS3: 7.8
debian
около 5 лет назад
An issue was discovered in ClusterLabs crmsh through 4.2.1. Local atta ...
EPSS
Процентиль: 14%
0.00045
Низкий
7.2 High
CVSS2
7.8 High
CVSS3