CVE-2020-10789

Name of the Vulnerable Software and Affected Versions openITCOCKPIT versions prior to 3.7.3

Description The issue allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php. This is related to a web-based terminal in openITCOCKPIT.

Recommendations For versions prior to 3.7.3, update to version 3.7.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the web-based terminal until a patch is applied. Additionally, be cautious when using the su command and ensure proper handling of shell metacharacters to minimize the risk of exploitation.