A flaw was found in StarWind Stack. The endpoint for setting a new password doesnโt check the current username and old password. An attacker could reset any local user password (including system/administrator user) using any available user This affects StarWind SAN and NAS v0.2 build 1633.
8.8CVSS
8.5AI Score
0.001EPSS
A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesnโt check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with root ...
9.8CVSS
9.3AI Score
0.006EPSS