Refine your search
1 vulnerability found for gala-gopher by openEuler
CVE-2024-24890 (GCVE-0-2024-24890)
Vulnerability from cvelistv5
Published
2024-03-25 07:09
Modified
2024-08-12 18:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler gala-gopher on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/gala-gopher/blob/master/src/probes/extends/ebpf.Probe/src/ioprobe/ioprobe.C.
This issue affects gala-gopher: through 1.0.2.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openEuler | gala-gopher |
Version: 0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:13.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1278"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1279"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1277"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitee.com/src-openeuler/gala-gopher/pulls/81"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitee.com/src-openeuler/gala-gopher/pulls/85"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitee.com/src-openeuler/gala-gopher/pulls/82"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:openeuler:gala-gopher:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "gala-gopher",
"vendor": "openeuler",
"versions": [
{
"lessThanOrEqual": "1.0.2",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24890",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-01T19:37:31.069507Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T18:44:27.814Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitee.com/src-openeuler",
"defaultStatus": "unaffected",
"packageName": "gala-gopher",
"platforms": [
"Linux"
],
"product": "gala-gopher",
"programFiles": [
"https://gitee.com/openeuler/gala-gopher/blob/master/src/probes/extends/ebpf.probe/src/ioprobe/ioprobe.c"
],
"repo": "https://gitee.com/src-openeuler/gala-gopher",
"vendor": "openEuler",
"versions": [
{
"changes": [
{
"at": "7389bb2057607dede5f0c9ba397add9a5c162850",
"status": "unaffected"
},
{
"at": "0ca5c078c3b1af40add007cffbdc0bd539a59fa0",
"status": "unaffected"
},
{
"at": "60c6826aa5f5e7e9598c2d5cb97663b0fabc5f49",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.0.2",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in openEuler gala-gopher on Linux allows Command Injection.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003ehttps://gitee.Com/openeuler/gala-gopher/blob/master/src/probes/extends/ebpf.Probe/src/ioprobe/ioprobe.C\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects gala-gopher: through 1.0.2.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in openEuler gala-gopher on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/gala-gopher/blob/master/src/probes/extends/ebpf.Probe/src/ioprobe/ioprobe.C.\n\nThis issue affects gala-gopher: through 1.0.2.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-25T07:09:25.879Z",
"orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"shortName": "openEuler"
},
"references": [
{
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1278"
},
{
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1279"
},
{
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1277"
},
{
"url": "https://gitee.com/src-openeuler/gala-gopher/pulls/81"
},
{
"url": "https://gitee.com/src-openeuler/gala-gopher/pulls/85"
},
{
"url": "https://gitee.com/src-openeuler/gala-gopher/pulls/82"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command injection in ioprobe of gala-gopher",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"assignerShortName": "openEuler",
"cveId": "CVE-2024-24890",
"datePublished": "2024-03-25T07:09:25.879Z",
"dateReserved": "2024-02-01T12:52:39.756Z",
"dateUpdated": "2024-08-12T18:44:27.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}