8 matches found
CVE-2021-21371
Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state. It is published on PyPI as "tenable-jira-cloud". In tenable-jira-cloud before version 1.1.21, it is possible to run...
Arbitrary Code Execution
tenable-jira-cloud is vulnerable to arbitrary code execution. An attacker with local access to the host is able to run arbitrary commands through the yaml.load method by running the application with a malicious YAML file...
PYSEC-2021-60
Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state. It is published on PyPI as "tenable-jira-cloud". In tenable-jira-cloud before version 1.1.21, it is possible to run...
PYSEC-2021-60
Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state. It is published on PyPI as "tenable-jira-cloud". In tenable-jira-cloud before version 1.1.21, it is possible to run...
GHSA-8278-88VV-X98R Execution of untrusted code through config file
Impact: It is possible to run arbitrary commands through the yaml.load method. This could allow an attacker with local access to the host to run arbitrary code by running the application with a specially crafted YAML configuration file. Workarounds: Manually adjust yaml.load to yaml.safe_load. For mo...
CVE-2021-21371 Execution of untrusted code through config file
Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state. It is published on PyPI as "tenable-jira-cloud". In tenable-jira-cloud before version 1.1.21, it is possible to run...
CVE-2021-21371
CVE-2021-21371 affects Tenable for Jira Cloud (tenable-jira-cloud) prior to version 1.1.21. The underlying issue is insecure YAML handling: yaml.load() enables an attacker with local host access to execute arbitrary code via a crafted YAML configuration. Remediation: upgrade to version 1.1.21 ...
Alex Weber Tenable Code Issue Vulnerability
Alex Weber Tenable is an Alex Weber open source application. It is used to gain insight into the risk exposure of every asset on any platform. Tenable for Jira Cloud has a security vulnerability that allows an attacker with local access to the host to run arbitrary code by running the application...