VDB

GCVE-110-MAGEIA-2017-263

GCVE-110-MAGEIA-2017-263
Advisory Published
Vulnetix · Advisory published August 13, 2017
A vulnerability has been found where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root (CVE-2017-11610).

Affected Products

VendorProductVersionsPlatforms
Mageiasupervisor0 (affected), 3.0.1-1.mga5 (unaffected)
Mageiasupervisor0 (affected), 3.1.4-1.mga6 (unaffected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›