GSD-2017-11610 — Vulnetix

Try Vulnetix Request Demo

GSD-2017-11610 PUBLISHED

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.

Affected Products

Vendor	Product	Versions
n/a	n/a	*

Timeline

Sep 6, 2011 CVE Published
Sep 25, 2017 PoC Published
May 29, 2018 PoC Published
Oct 9, 2020 PoC Published
Dec 14, 2024 PoC Published
Dec 15, 2024 PoC Published
Dec 25, 2024 PoC Published
Dec 26, 2024 PoC Published
Dec 28, 2024 PoC Published
Dec 30, 2024 PoC Published
Jan 3, 2025 PoC Published
Jan 6, 2025 PoC Published

References

FEDORA-2017-307eab89e1 vendor-advisory
FEDORA-2017-85eb9f7a36 vendor-advisory
FEDORA-2017-713430fb15 vendor-advisory
RHSA-2017:3005 advisory
https://github.com/Supervisor/supervisor/blob/3.3.3/CHANGES.txt exploit
https://github.com/Supervisor/supervisor/blob/3.0.1/CHANGES.txt exploit
https://github.com/Supervisor/supervisor/blob/3.2.4/CHANGES.txt exploit
https://github.com/Supervisor/supervisor/blob/3.1.4/CHANGES.txt exploit
DSA-3942 advisory
https://github.com/Supervisor/supervisor/issues/964 discussion
42779 exploit
GLSA-201709-06 advisory

Open in Interactive Console →