2 matches found
CVE-2017-11610
CVE-2017-11610 affects the XML-RPC server in Supervisor. An authenticated client can send a crafted XML-RPC request that exploits nested supervisord namespace lookups to execute arbitrary commands on the server, running with the same user as supervisord (potentially root). The issue is triggered ...
CVE-2019-12105
CVE-2019-12105 – Summary (supported by provided docs) In Supervisor up to 4.0.2, an unauthenticated user can read log files or restart a service. The inet_http_server component is not enabled by default, but if a user enables it and does not set a password, Supervisor logs a warning. The open-ser...