Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mageiaGentoo FoundationMGASA-2017-0263
HistoryAug 13, 2017 - 4:17 p.m.

Updated supervisor packages fix security vulnerability

2017-08-1316:17:41
Gentoo Foundation
advisories.mageia.org
10

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON

A vulnerability has been found where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root (CVE-2017-11610).

OSVersionArchitecturePackageVersionFilename
Mageia5noarchsupervisor< 3.0.1-1supervisor-3.0.1-1.mga5
Mageia6noarchsupervisor< 3.1.4-1supervisor-3.1.4-1.mga6

Related

prion 1
seebug 1
osv 5
veracode 2
fedora 3
cve 1
openvas 6
packetstorm 1
nessus 7
debian 3
github 1
debiancve 1
freebsd 1
gentoo 1
nuclei 1
zdt 1
redhatcve 1
ubuntucve 1
metasploit 1
attackerkb 1
alpinelinux 1
redhat 1
exploitdb 1
threatpost 1
myhack58 1
prion
prion
Cross site request forgery (csrf)
2017-08-23 14:29:00
seebug
seebug
Supervisor Authenticated Remote Code Execution(CVE-2017-11610)
2017-07-27 00:00:00
osv
osv
supervisor - security update
2017-07-31 00:00:00
PYSEC-2017-41
2017-08-23 14:29:00
Incorrect Default Permissions in Supervisor
2022-05-13 01:42:26
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 09:19:14
Remote Code Execution (RCE)
2017-07-24 22:39:07
fedora
fedora
[SECURITY] Fedora 24 Update: supervisor-3.1.4-1.fc24
2017-08-07 20:18:38
[SECURITY] Fedora 25 Update: supervisor-3.2.4-1.fc25
2017-08-07 21:23:15
[SECURITY] Fedora 26 Update: supervisor-3.3.3-1.fc26
2017-08-07 17:22:19
cve
cve
CVE-2017-11610
2017-08-23 14:29:00
openvas
openvas
Mageia: Security Advisory (MGASA-2017-0263)
2022-01-28 00:00:00
Debian: Security Advisory (DSA-3942-1)
2017-08-12 00:00:00
Debian: Security Advisory (DLA-1047-1)
2018-02-07 00:00:00
packetstorm
packetstorm
Supervisor XML-RPC Authenticated Remote Code Execution
2017-09-25 00:00:00
nessus
nessus
Debian DSA-3942-1 : supervisor - security update
2017-08-14 00:00:00
Fedora 25 : supervisor (2017-85eb9f7a36)
2017-08-09 00:00:00
Fedora 26 : supervisor (2017-307eab89e1)
2017-08-08 00:00:00
debian
debian
[SECURITY] [DSA 3942-1] supervisor security update
2017-08-13 19:45:15
[SECURITY] [DLA 1047-1] supervisor security update
2017-07-31 12:59:48
[SECURITY] [DSA 3942-1] supervisor security update
2017-08-13 19:45:15
github
github
Incorrect Default Permissions in Supervisor
2022-05-13 01:42:26
debiancve
debiancve
CVE-2017-11610
2017-08-23 14:29:00
freebsd
freebsd
Supervisord -- An authenticated client can run arbitrary shell commands via malicious XML-RPC requests
2017-07-24 00:00:00
gentoo
gentoo
Supervisor: command injection vulnerability
2017-09-17 00:00:00
nuclei
nuclei
XML-RPC Server - Remote Code Execution
2021-11-15 23:27:25
zdt
zdt
Supervisor XML-RPC Authenticated Remote Code Execution Exploit
2017-09-25 00:00:00
redhatcve
redhatcve
CVE-2017-11610
2017-07-28 07:19:44
ubuntucve
ubuntucve
CVE-2017-11610
2017-08-23 00:00:00
metasploit
metasploit
Supervisor XML-RPC Authenticated Remote Code Execution
2017-08-30 02:10:46
attackerkb
attackerkb
CVE-2017-11610
2017-08-23 00:00:00
alpinelinux
alpinelinux
CVE-2017-11610
2017-08-23 14:29:00
redhat
redhat
(RHSA-2017:3005) Important: Red Hat CloudForms security, bug fix, and enhancement update
2017-10-24 00:00:47
exploitdb
exploitdb
Supervisor 3.0a1 &lt; 3.3.2 - XML-RPC (Authenticated) Remote Code Execution (Metasploit)
2017-09-25 00:00:00
threatpost
threatpost
Golang Cryptomining Worm Offers 15% Speed Boost
2021-08-06 20:41:40
myhack58
myhack58
Nexus Repository Manager 3 new vulnerability has been used in mining Trojan spread, users are advised to fix as soon as possible-vulnerability warning-the black bar safety net
2019-03-12 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON
Related for MGASA-2017-0263
prion1seebug1osv5veracode2fedora3cve1openvas6packetstorm1nessus7debian3github1debiancve1freebsd1gentoo1nuclei1zdt1redhatcve1ubuntucve1metasploit1attackerkb1alpinelinux1redhat1exploitdb1threatpost1myhack581