PT-2015-6813 · Openstack · Openstack Swift-On-File

Siddharth Sharma

Publicado

2015-11-25

Atualizado

2015-11-27

CVE-2015-5242

CVSS v2.0

6.0

Média

Vetor

AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions OpenStack Swift-on-File (aka Swiftonfile) (affected versions not specified)

Description The issue is related to the improper restriction of the pickle Python module when loading metadata. This allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs).

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2015-5242

RHSA-2015:1918

Produtos afetados

Openstack Swift-On-File

PT-2015-6813 · Openstack · Openstack Swift-On-File

CVE-2015-5242

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5