CVE-2024-24897

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in openEuler A-Tune-Collector on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/A-Tune-Collector/blob/master/atune_collector/plugin/monitor/process/sched.Py. This issue affects A-Tune-Collector: from 1.1.0-3 through 1.3.0.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gitee.com/src-openeuler/A-Tune-Collector/pulls/45
https://gitee.com/src-openeuler/A-Tune-Collector/pulls/47
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1271
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1273

Configurations

No configuration.

History

25 Mar 2024, 13:47

Type	Values Removed	Values Added
Summary		(es) La neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando ("Inyección de comando") en openEuler A-Tune-Collector en Linux permite la inyección de comando. Esta vulnerabilidad está asociada con archivos de programa https://gitee.Com/openeuler/A-Tune-Collector/blob/master/atune_collector/plugin/monitor/process/sched.Py. Este problema afecta a A-Tune-Collector: desde 1.1.0-3 hasta 1.3.0.

25 Mar 2024, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-25 07:15

Updated : 2024-03-25 13:47

NVD link : CVE-2024-24897

Mitre link : CVE-2024-24897

CVE.ORG link : CVE-2024-24897

JSON object : View

Products Affected

No product.

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

8.1 /10