PT-2014-5409 · Google · Luci
Published: 2014-10-14 · Updated: 2023-02-13 · CVE-2014-3593
CVSS v2.0: 6.0 (Medium)
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
luci version 0.26.0
Description
The issue allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration.
Recommendations
For luci version 0.26.0, update to a version that fixes the eval injection issue to prevent arbitrary Python code execution.
Fix
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
CentOS
Red Hat
Luci