Lucene search
HistoryNov 25, 2015 - 8:59 p.m.
CVE-2015-5242
cve-2015-5242
openstack
swift-on-file
swiftonfile
python
remote code execution
authentication
crafted extended attribute
nvd
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
7.4 High
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
77.2%
OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs).
Affected configurations
Node
redhatgluster_storageMatch3.1
| CPE | Name | Operator | Version |
|---|---|---|---|
| redhat:gluster_storage | redhat gluster storage | eq | 3.1 |
Related
prion
prion
Code injection
2015-11-25 20:59:00
nvd
nvd
CVE-2015-5242
2015-11-25 20:59:04
redhat
redhat
(RHSA-2015:1918) Important: swiftonfile security update
2015-10-20 00:00:00
nessus
nessus
RHEL 6 : swiftonfile (RHSA-2015:1918)
2015-10-22 00:00:00
cvelist
cvelist
CVE-2015-5242
2015-11-25 20:00:00
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 09:08:02
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
7.4 High
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
77.2%
Related for CVE-2015-5242