PT-2023-19941 · Wings · Wings

Astro-Angelfish

Publicado

2023-02-08

Atualizado

2024-08-20

CVE-2023-25152

CVSS v3.1

8.4

Alta

Vetor

AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:H

Name of the Vulnerable Software and Affected Versions Wings versions prior to v1.11.3 Wings versions prior to v1.7.3

Description The vulnerability in Wings allows attackers to create new files and directory structures on the host system, potentially enabling them to change resource allocations, promote containers to privileged mode, or add ssh authorized keys for remote shell access. An attacker must have an existing server allocated and controlled by the Wings Daemon to exploit this issue.

Recommendations For versions prior to v1.11.3, upgrade to v1.11.3. For versions prior to v1.7.3, upgrade to v1.7.3.

Exploit

Correção

Link Following

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-61CWE-59

Identificadores relacionados

CVE-2023-25152

GHSA-P8R3-83R8-JWJ5

GO-2023-1542

Produtos afetados

Wings

PT-2023-19941 · Wings · Wings

CVE-2023-25152

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11