Количество 2
Количество 2
CVE-2022-32268
StarWind SAN and NAS v0.2 build 1914 allow remote code execution. A flaw was found in REST API in StarWind Stack. REST command, which allows changing the hostname, doesn’t check a new hostname parameter. It goes directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with root privileges.
GHSA-cgq8-x9fm-m5vm
StarWind SAN and NAS v0.2 build 1914 allow remote code execution.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2022-32268 StarWind SAN and NAS v0.2 build 1914 allow remote code execution. A flaw was found in REST API in StarWind Stack. REST command, which allows changing the hostname, doesn’t check a new hostname parameter. It goes directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with root privileges. | CVSS3: 8.8 | 4% Низкий | больше 3 лет назад |
| GHSA-cgq8-x9fm-m5vm StarWind SAN and NAS v0.2 build 1914 allow remote code execution. | CVSS3: 7.2 | 4% Низкий | больше 3 лет назад |
Уязвимостей на страницу