CVE-2015-5242

Sažetak

OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs).

Reference

http://rhn.redhat.com/errata/RHSA-2015-1918.html
https://access.redhat.com/solutions/1985893
https://bugzilla.redhat.com/show_bug.cgi?id=1258743
https://review.openstack.org/#/c/237994/

CVSS

Base:	6.0
Impact:	6.4
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

27-11-2015 - 17:14

Objavljeno

25-11-2015 - 20:59