8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.974 High
EPSS
Percentile
99.9%
mnaberez reports:
supervisord can be configured to run an HTTP server on a TCP socket and/or a Unix domain socket.
The HTTP server is how supervisorctl communicates with supervisord. If an HTTP server has been
enabled, it will always serve both HTML pages and an XML-RPC interface. A vulnerability has been
found where an authenticated client can send a malicious XML-RPC request to supervisord that
will run arbitrary shell commands on the server. The commands will be run as the same user as
supervisord. Depending on how supervisord has been configured, this may be root.
This vulnerability can only be exploited by an authenticated client or if supervisord has been
configured to run an HTTP server without authentication. If authentication has not been enabled,
supervisord will log a message at the critical level every time it starts.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | py27-supervisor | < 3.3.3,1 | UNKNOWN |
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.974 High
EPSS
Percentile
99.9%