CVE-2019-15701
components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote attackers to execute arbitrary OS commands by spawning a child process as the current user on the victim's machine when the search function's autocomplete feature is used. The victim must import data from an Active Directory with a...
CVE-2019-15701
BloodHound 2.2.0 is affected by a remote OS command injection in components/Modals/HelpModal.jsx. An attacker can exploit it via the search autocomplete after importing data from an Active Directory with a GPO whose name contains JavaScript, by spawning a child process as the current user. CVSSv3...
BloodHound Operating System Command Injection Vulnerability
BloodHound is a JavaScript application that reveals hidden relationships and attack paths in Active Directory environments through graph theory. An operating system command injection vulnerability exists in the components/Modals/HelpModal.jsx file in BloodHound version 2.2.0, which can be exploit...