CVE-2011-4356
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
5.1%
Celery 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before 2.4.4 changes the effective id but not the real id during processing of the --uid and --gid arguments to celerybeat, celeryd_detach, celeryd-multi, and celeryev, which allows local users to gain privileges via vectors involving crafted code that is executed by the worker process.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| celeryproject | celery | 2.1.0 | cpe:2.3:a:celeryproject:celery:2.1.0:*:*:*:*:*:*:* |
| celeryproject | celery | 2.2.0 | cpe:2.3:a:celeryproject:celery:2.2.0:*:*:*:*:*:*:* |
| celeryproject | celery | 2.2.1 | cpe:2.3:a:celeryproject:celery:2.2.1:*:*:*:*:*:*:* |
| celeryproject | celery | 2.2.2 | cpe:2.3:a:celeryproject:celery:2.2.2:*:*:*:*:*:*:* |
| celeryproject | celery | 2.2.3 | cpe:2.3:a:celeryproject:celery:2.2.3:*:*:*:*:*:*:* |
| celeryproject | celery | 2.2.4 | cpe:2.3:a:celeryproject:celery:2.2.4:*:*:*:*:*:*:* |
| celeryproject | celery | 2.2.5 | cpe:2.3:a:celeryproject:celery:2.2.5:*:*:*:*:*:*:* |
| celeryproject | celery | 2.2.6 | cpe:2.3:a:celeryproject:celery:2.2.6:*:*:*:*:*:*:* |
| celeryproject | celery | 2.2.7 | cpe:2.3:a:celeryproject:celery:2.2.7:*:*:*:*:*:*:* |
| celeryproject | celery | 2.3.0 | cpe:2.3:a:celeryproject:celery:2.3.0:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
5.1%