Description
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration that allows execution of arbitrary code loaded from LDAP servers.
| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | 1:1.2.11-6 |
| esm-apps/bionic | released | 1:1.2.3-2ubuntu1~18.04.1+esm1 |
| esm-apps/focal | released | 1:1.2.3-5ubuntu0.1~esm1 |
| esm-apps/jammy | not-affected | 1:1.2.10-1 |
| esm-apps/noble | not-affected | 1:1.2.11-5 |
| esm-apps/xenial | released | 1:1.1.3-2ubuntu0.1~esm1 |
| focal | ignored | end of standard support, was needs-triage |
| hirsute | ignored | end of life |
| impish | ignored | end of life |
CVSS2: 8.5 High
CVSS3: 6.6 Medium
Related vulnerabilities
Security update for maven and recommended update for antlr3, minlog, sbt, xmvn