Refine your search

1 vulnerability found for aops-zeus by openEuler

CVE-2024-24899 (GCVE-0-2024-24899)
Vulnerability from cvelistv5
Published
2024-03-25 07:13
Modified
2024-08-12 18:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-zeus on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/aops-zeus/blob/master/zeus/conf/constant.Py. This issue affects aops-zeus: from 1.2.0 through 1.4.0.
References
Impacted products
Vendor Product Version
openEuler aops-zeus Version: 1.2.0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:openeuler:aops-zeus:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "aops-zeus",
            "vendor": "openeuler",
            "versions": [
              {
                "lessThanOrEqual": "1.4.1",
                "status": "affected",
                "version": "1.2.0",
                "versionType": "git"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-24899",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-21T19:10:20.384856Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-12T18:43:05.811Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:28:13.082Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1292"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1293"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1294"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1291"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitee.com/src-openeuler/aops-zeus/pulls/108"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitee.com/src-openeuler/aops-zeus/pulls/107"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitee.com/openeuler",
          "defaultStatus": "unaffected",
          "packageName": "aops-zeus",
          "platforms": [
            "Linux"
          ],
          "product": "aops-zeus",
          "programFiles": [
            "https://gitee.com/openeuler/aops-zeus/blob/master/zeus/conf/constant.py"
          ],
          "repo": "https://gitee.com/openeuler/aops-zeus",
          "vendor": "openEuler",
          "versions": [
            {
              "changes": [
                {
                  "at": "508db6b6a65d0ff392dbab5d86c50d57c5057b5b",
                  "status": "unaffected"
                },
                {
                  "at": "b7899a20e869978020e1978fe54b361166a5cfef",
                  "status": "unaffected"
                },
                {
                  "at": "7e32e65bbd520a012a23f3d87124beab6e6bef5f",
                  "status": "unaffected"
                },
                {
                  "at": "3266b560d27c64446880497188f850364af00175",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "1.4.0",
              "status": "affected",
              "version": "1.2.0",
              "versionType": "git"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in openEuler aops-zeus on Linux allows Command Injection.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003ehttps://gitee.Com/openeuler/aops-zeus/blob/master/zeus/conf/constant.Py\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects aops-zeus: from 1.2.0 through 1.4.0.\u003c/p\u003e"
            }
          ],
          "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in openEuler aops-zeus on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/aops-zeus/blob/master/zeus/conf/constant.Py.\n\nThis issue affects aops-zeus: from 1.2.0 through 1.4.0.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-248",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-248 Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-25T07:13:13.251Z",
        "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "shortName": "openEuler"
      },
      "references": [
        {
          "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1292"
        },
        {
          "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1293"
        },
        {
          "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1294"
        },
        {
          "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1291"
        },
        {
          "url": "https://gitee.com/src-openeuler/aops-zeus/pulls/108"
        },
        {
          "url": "https://gitee.com/src-openeuler/aops-zeus/pulls/107"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Command injection in aops-zeus",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
    "assignerShortName": "openEuler",
    "cveId": "CVE-2024-24899",
    "datePublished": "2024-03-25T07:13:13.251Z",
    "dateReserved": "2024-02-01T12:52:39.758Z",
    "dateUpdated": "2024-08-12T18:43:05.811Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}