Veracode Vulnerability DatabaseVERACODE:11462Remote Code Execution (RCE)
0.002 Low
EPSS
Percentile
53.1%
luci is vulnerable to remote code execution (RCE) attacks. The vulnerability exists through an eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration.
References
rhn.redhat.com/errata/RHSA-2014-1390.html
access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.6_Technical_Notes/luci.html#RHSA-2014-1390
access.redhat.com/errata/RHSA-2014:1390
access.redhat.com/security/cve/CVE-2014-3593
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1026374
bugzilla.redhat.com/show_bug.cgi?id=1100817
bugzilla.redhat.com/show_bug.cgi?id=1117398
bugzilla.redhat.com/show_bug.cgi?id=855112
bugzilla.redhat.com/show_bug.cgi?id=982771
bugzilla.redhat.com/show_bug.cgi?id=989005
rhn.redhat.com/errata/RHSA-2014-1390.html
Related
