Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-X7C8-4X3H-874W
HistoryMay 13, 2022 - 1:42 a.m.

Incorrect Default Permissions in Supervisor

2022-05-1301:42:26
Google
osv.dev
7

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.

Related

prion 1
seebug 1
osv 4
veracode 2
fedora 3
cve 1
openvas 6
packetstorm 1
nessus 7
debian 3
github 1
debiancve 1
mageia 1
freebsd 1
gentoo 1
nuclei 1
zdt 1
redhatcve 1
ubuntucve 1
metasploit 1
attackerkb 1
alpinelinux 1
redhat 1
exploitdb 1
threatpost 1
myhack58 1
prion
prion
Cross site request forgery (csrf)
2017-08-23 14:29:00
seebug
seebug
Supervisor Authenticated Remote Code Execution(CVE-2017-11610)
2017-07-27 00:00:00
osv
osv
supervisor - security update
2017-07-31 00:00:00
PYSEC-2017-41
2017-08-23 14:29:00
CVE-2017-11610
2017-08-23 14:29:00
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 09:19:14
Remote Code Execution (RCE)
2017-07-24 22:39:07
fedora
fedora
[SECURITY] Fedora 24 Update: supervisor-3.1.4-1.fc24
2017-08-07 20:18:38
[SECURITY] Fedora 25 Update: supervisor-3.2.4-1.fc25
2017-08-07 21:23:15
[SECURITY] Fedora 26 Update: supervisor-3.3.3-1.fc26
2017-08-07 17:22:19
cve
cve
CVE-2017-11610
2017-08-23 14:29:00
openvas
openvas
Mageia: Security Advisory (MGASA-2017-0263)
2022-01-28 00:00:00
Debian: Security Advisory (DSA-3942-1)
2017-08-12 00:00:00
Debian: Security Advisory (DLA-1047-1)
2018-02-07 00:00:00
packetstorm
packetstorm
Supervisor XML-RPC Authenticated Remote Code Execution
2017-09-25 00:00:00
nessus
nessus
Debian DSA-3942-1 : supervisor - security update
2017-08-14 00:00:00
Fedora 25 : supervisor (2017-85eb9f7a36)
2017-08-09 00:00:00
Fedora 26 : supervisor (2017-307eab89e1)
2017-08-08 00:00:00
debian
debian
[SECURITY] [DSA 3942-1] supervisor security update
2017-08-13 19:45:15
[SECURITY] [DLA 1047-1] supervisor security update
2017-07-31 12:59:48
[SECURITY] [DSA 3942-1] supervisor security update
2017-08-13 19:45:15
github
github
Incorrect Default Permissions in Supervisor
2022-05-13 01:42:26
debiancve
debiancve
CVE-2017-11610
2017-08-23 14:29:00
mageia
mageia
Updated supervisor packages fix security vulnerability
2017-08-13 16:17:41
freebsd
freebsd
Supervisord -- An authenticated client can run arbitrary shell commands via malicious XML-RPC requests
2017-07-24 00:00:00
gentoo
gentoo
Supervisor: command injection vulnerability
2017-09-17 00:00:00
nuclei
nuclei
XML-RPC Server - Remote Code Execution
2021-11-15 23:27:25
zdt
zdt
Supervisor XML-RPC Authenticated Remote Code Execution Exploit
2017-09-25 00:00:00
redhatcve
redhatcve
CVE-2017-11610
2017-07-28 07:19:44
ubuntucve
ubuntucve
CVE-2017-11610
2017-08-23 00:00:00
metasploit
metasploit
Supervisor XML-RPC Authenticated Remote Code Execution
2017-08-30 02:10:46
attackerkb
attackerkb
CVE-2017-11610
2017-08-23 00:00:00
alpinelinux
alpinelinux
CVE-2017-11610
2017-08-23 14:29:00
redhat
redhat
(RHSA-2017:3005) Important: Red Hat CloudForms security, bug fix, and enhancement update
2017-10-24 00:00:47
exploitdb
exploitdb
Supervisor 3.0a1 < 3.3.2 - XML-RPC (Authenticated) Remote Code Execution (Metasploit)
2017-09-25 00:00:00
threatpost
threatpost
Golang Cryptomining Worm Offers 15% Speed Boost
2021-08-06 20:41:40
myhack58
myhack58
Nexus Repository Manager 3 new vulnerability has been used in mining Trojan spread, users are advised to fix as soon as possible-vulnerability warning-the black bar safety net
2019-03-12 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON
Related for OSV:GHSA-X7C8-4X3H-874W
prion1seebug1osv4veracode2fedora3cve1openvas6packetstorm1nessus7debian3github1debiancve1mageia1freebsd1gentoo1nuclei1zdt1redhatcve1ubuntucve1metasploit1attackerkb1alpinelinux1redhat1exploitdb1threatpost1myhack581