
{
"id": "CVE-2024-41961",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-01T15:15:14.310",
"lastModified": "2024-08-01T16:45:25.400",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Elektra is an opinionated OpenStack Dashboard for Operators and Consumers of OpenStack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails-based Elektra web application. An authenticated user can craft a search term containing Ruby code, which later flows into an `eval` sink that executes the code. Fixed in commit 8bce00be93b95a6512ff68fe86bf9554e486bc02."
},
{
"lang": "es",
"value": "Elektra es un panel de OpenStack obstinado para operadores y consumidores de servicios OpenStack. Se encontr\u00f3 una vulnerabilidad de inyecci\u00f3n de c\u00f3digo en la funcionalidad de b\u00fasqueda en vivo de la aplicaci\u00f3n web Elektra basada en Ruby on Rails. Un usuario autenticado puede crear un t\u00e9rmino de b\u00fasqueda que contenga c\u00f3digo Ruby, que luego fluye hacia un receptor \"eval\" que ejecuta el c\u00f3digo. Corregido en la confirmaci\u00f3n 8bce00be93b95a6512ff68fe86bf9554e486bc02."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://github.com/sapcc/elektra/commit/49aea3b365082681558bf3bf7bf4a51766cfc44d",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/sapcc/elektra/commit/8bce00be93b95a6512ff68fe86bf9554e486bc02",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/sapcc/elektra/security/advisories/GHSA-6j2h-486h-487q",
"source": "security-advisories@github.com"
}
]
}