PT-2017-2784 · Supervisor +1

Calum Hutton · Published 2017-08-07 · Updated 2024-04-08

CVE-2017-11610

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Supervisor versions prior to 3.0.1
Supervisor versions 3.1.x prior to 3.1.4
Supervisor versions 3.2.x prior to 3.2.4
Supervisor versions 3.3.x prior to 3.3.3

Description

The XML-RPC server in Supervisor allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups. This issue is also related to inadequate access control in the XML-RPC component of the Supervisor web server.

Recommendations

For versions prior to 3.0.1, update to version 3.0.1 or later.
For versions 3.1.x prior to 3.1.4, update to version 3.1.4 or later.
For versions 3.2.x prior to 3.2.4, update to version 3.2.4 or later.
For versions 3.3.x prior to 3.3.3, update to version 3.3.3 or later.
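As an added illustration of the "nested namespace lookups" named in the description (example code added here, not code from the advisory or from Supervisor itself), a hypothetical XML-RPC method resolver that accepts exactly one `namespace.method` level against an explicit registry and refuses anything deeper, unregistered, private, or not marked as exposed; the `rpc` decorator, `NamespaceDispatcher`, `StatusInterface` and `safe_call` are all assumed names.

```python
import re

# Hypothetical hardened dispatcher (illustrative, not Supervisor's own code):
# one identifier per segment, no leading underscore, exactly one dot, explicit registry.
_NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*$")

def rpc(func):  # marks a method as callable through the dispatcher
    func.rpc_exposed = True
    return func

class NamespaceDispatcher:
    def __init__(self, namespaces):
        self._namespaces = dict(namespaces)  # registry, not attribute walking

    def resolve(self, method_name):
        parts = method_name.split(".")
        if len(parts) != 2:  # deeper names would be a nested attribute lookup
            raise ValueError("method name must be 'namespace.method'")
        ns_name, meth_name = parts
        if not (_NAME_RE.match(ns_name) and _NAME_RE.match(meth_name)):
            raise ValueError("invalid identifier in method name")
        ns = self._namespaces.get(ns_name)
        if ns is None:
            raise ValueError("unknown namespace")
        func = getattr(ns, meth_name, None)
        if not callable(func) or not getattr(func, "rpc_exposed", False):
            raise ValueError("method not exposed")
        return func

    def dispatch(self, method_name, params=()):
        return self.resolve(method_name)(*params)

class StatusInterface:  # constructed sample: one exposed method, one internal
    def __init__(self):
        self.options = {"directory": "/tmp"}  # internal state, never reachable

    @rpc
    def get_state(self):
        return {"statecode": 1, "statename": "RUNNING"}

    def reload(self):  # not decorated, so not remotely callable
        return "reloaded"

def safe_call(method_name, params=()):
    """Return ('ok', result) or ('rejected', reason) for a request name."""
    d = NamespaceDispatcher({"supervisor": StatusInterface()})
    try:
        return ("ok", d.dispatch(method_name, params))
    except ValueError as exc:
        return ("rejected", str(exc))
```

The fix shipped in the patched releases is Supervisor's own; this block only shows the shape of the check (fixed depth, explicit registry, explicit exposure) that closes off attribute traversal through a method name.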

Exploit

Fix

Improper Access Control

Incorrect Default Permissions


Weakness Enumeration

Related Identifiers

ALT-PU-2016-3247
ALT-PU-2016-3248
ALT-PU-2017-3593
BDU:2017-02043
CVE-2017-11610
DLA-1047-1
DSA-3942-1
GHSA-X7C8-4X3H-874W
MGASA-2017-0263
PYSEC-2017-41
RHSA-2017:3005

Affected Products

Alt Linux
Supervisor