Exploit for Incorrect Default Permissions in Supervisord Supervisor

LAB 3 — Supervisord XML-RPC Remote Code Execution CVE-2017-11...

Astra Linux - уязвимость в supervisor

In Supervisor version 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer confirmed that the affected component, inethttpserver, is not enabled by default. However, if the user enables it and does not set a password, Supervisor will log a warning message...

Information Disclosure

Supervisor is vulnerable to unauthorized restart and information disclosure. It is possible because the inet HTTP server, which is not enabled by default, does not use authentication by default, allowing an unauthenticated user to access log files or restart a service if the inet HTTP server is...

PYSEC-2019-126

DISPUTED In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer responded that the affected component, inethttpserver, is not enabled by default but if the user enables it and does not set a password, Supervisor logs a warning message. T...

PYSEC-2019-126

DISPUTED In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer responded that the affected component, inethttpserver, is not enabled by default but if the user enables it and does not set a password, Supervisor logs a warning message. T...