Published: 02 Jun 2022
Source: ubuntu
Priority: medium
EPSS: Low
CVSS2: 7.5
CVSS3: 8.6
Description
Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes.
| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| esm-apps/bionic | needs-triage | |
| esm-apps/xenial | needs-triage | |
| upstream | needs-triage | |
EPSS: 0.00226 (percentile: 45%), Low
CVSS2: 7.5 High
CVSS3: 8.6 High
Related vulnerabilities
CVSS3: 8.6
nvd
more than 3 years ago
Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes.