Lucene search

GitHub Advisory DatabaseGHSA-RFM2-F94J-QHJP

HistoryApr 22, 2024 - 12:30 p.m.

OpenStack Storlets arbitrary code execution vulnerability

2024-04-2212:30:33

CWE-367

CWE-400

GitHub Advisory Database

github.com

openstack

storlets

vulnerability

remote attacker

arbitrary code execution

gateway.py

software

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

9.0%

JSON

An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component.

Affected configurations

Vulners

Node

storletsRange<13.0.0.0rc1

VendorProductVersionCPE
*storlets*cpe:2.3:a:*:storlets:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
*	storlets	*	cpe:2.3:a::storlets::::::::*

References

bugs.launchpad.net/storlets/+bug/2047723

gist.github.com/Fewword/f098d8d6375ac25e27b18c0e57be532f

github.com/advisories/GHSA-rfm2-f94j-qhjp

github.com/openstack/storlets/commit/5ad58804af885db3eb7a78bea5000c401eeeb70e

nvd.nist.gov/vuln/detail/CVE-2024-28717

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for GHSA-RFM2-F94J-QHJP