Количество 2
Количество 2
CVE-2020-26943
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may result in Horizon host unauthorized access and further compromise of the Horizon service. All setups using the Horizon dashboard with the blazar-dashboard plugin are affected.
GHSA-939m-4xpw-v34v
Arbitrary Code Execution in blazar-dashboard
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2020-26943 An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may result in Horizon host unauthorized access and further compromise of the Horizon service. All setups using the Horizon dashboard with the blazar-dashboard plugin are affected. | CVSS3: 9.9 | 1% Низкий | больше 5 лет назад |
| GHSA-939m-4xpw-v34v Arbitrary Code Execution in blazar-dashboard | CVSS3: 9.9 | 1% Низкий | больше 5 лет назад |
Уязвимостей на страницу