4 matches found
CVE-2019-15701
components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote attackers to execute arbitrary OS commands by spawning a child process as the current user on the victim's machine when the search function's autocomplete feature is used. The victim must import data from an Active Directory with a...
CVE-2019-15701
BloodHound 2.2.0 is affected by a remote OS command injection in components/Modals/HelpModal.jsx. An attacker can exploit it via the search autocomplete after importing data from an Active Directory with a GPO whose name contains JavaScript, by spawning a child process as the current user. CVSSv3...
CVE-2019-15701
components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote attackers to execute arbitrary OS commands by spawning a child process as the current user on the victim's machine when the search function's autocomplete feature is used. The victim must import data from an Active Directory with a...
BloodHound Operating System Command Injection Vulnerability
BloodHound is a JavaScript application that reveals hidden relationships and attack paths in Active Directory environments through graph theory. An operating system command injection vulnerability exists in the components/Modals/HelpModal.jsx file in BloodHound version 2.2.0, which can be exploit...