CVE-2024-24892

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection, Restful Privilege Elevation. This vulnerability is associated with program files https://gitee.Com/openeuler/migration-tools/blob/master/index.Py. This issue affects migration-tools: from 1.0.0 through 1.0.1.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://gitee.com/src-openeuler/migration-tools/pulls/12
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1275

Configurations

No configuration.

History

25 Mar 2024, 13:47

Type	Values Removed	Values Added
Summary		(es) Neutralización inadecuada de elementos especiales utilizados en un comando del sistema operativo ("Inyección de comandos del sistema operativo"), vulnerabilidad de administración de privilegios inadecuada en las herramientas de migración de openEuler en Linux permite la inyección de comandos y la elevación de privilegios de descanso. Esta vulnerabilidad está asociada con archivos de programa https://gitee.Com/openeuler/migration-tools/blob/master/index.Py. Este problema afecta a las herramientas de migración: desde 1.0.0 hasta 1.0.1.

25 Mar 2024, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-25 07:15

Updated : 2024-03-25 13:47

NVD link : CVE-2024-24892

Mitre link : CVE-2024-24892

CVE.ORG link : CVE-2024-24892

JSON object : View

Products Affected

No product.

CWE

CWE-269

Improper Privilege Management

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

8.1 /10