2 matches found
CVE-2022-24552
A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with roo...
CVE-2022-24552
The CVE-2022-24552 entry concerns StarWind Stack’s REST API: the REST command that manipulates a virtual disk does not validate input parameters, and certain inputs are passed to a bash script. This allows an attacker with non-root access to inject data that may be executed with root privileges, ...