A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesnβt check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with root ...
9.8CVSS
9.3AI Score
0.006EPSS