CVE-2024-24890

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler gala-gopher on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/gala-gopher/blob/master/src/probes/extends/ebpf.Probe/src/ioprobe/ioprobe.C. This issue affects gala-gopher: through 1.0.2.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gitee.com/src-openeuler/gala-gopher/pulls/81
https://gitee.com/src-openeuler/gala-gopher/pulls/82
https://gitee.com/src-openeuler/gala-gopher/pulls/85
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1277
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1278
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1279

Configurations

No configuration.

History

25 Mar 2024, 13:47

Type	Values Removed	Values Added
Summary		(es) La neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo ('inyección de comando del sistema operativo') en openEuler gala-gopher en Linux permite la inyección de comando. Esta vulnerabilidad está asociada con archivos de programa https://gitee.Com/openeuler/gala-gopher/blob/master/src/probes/extends/ebpf.Probe/src/ioprobe/ioprobe.C. Este problema afecta a gala-gopher: hasta 1.0.2.

25 Mar 2024, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-25 07:15

Updated : 2024-03-25 13:47

NVD link : CVE-2024-24890

Mitre link : CVE-2024-24890

CVE.ORG link : CVE-2024-24890

JSON object : View

Products Affected

No product.

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2024-24890", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "securities@openeuler.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-03-25T07:15:49.903", "references": [{"url": "https://gitee.com/src-openeuler/gala-gopher/pulls/81", "source": "securities@openeuler.org"}, {"url": "https://gitee.com/src-openeuler/gala-gopher/pulls/82", "source": "securities@openeuler.org"}, {"url": "https://gitee.com/src-openeuler/gala-gopher/pulls/85", "source": "securities@openeuler.org"}, {"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1277", "source": "securities@openeuler.org"}, {"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1278", "source": "securities@openeuler.org"}, {"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1279", "source": "securities@openeuler.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "securities@openeuler.org", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler gala-gopher on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/gala-gopher/blob/master/src/probes/extends/ebpf.Probe/src/ioprobe/ioprobe.C.\n\nThis issue affects gala-gopher: through 1.0.2.\n\n"}, {"lang": "es", "value": "La neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo ('inyecci\u00f3n de comando del sistema operativo') en openEuler gala-gopher en Linux permite la inyecci\u00f3n de comando. Esta vulnerabilidad est\u00e1 asociada con archivos de programa https://gitee.Com/openeuler/gala-gopher/blob/master/src/probes/extends/ebpf.Probe/src/ioprobe/ioprobe.C. Este problema afecta a gala-gopher: hasta 1.0.2."}], "lastModified": "2024-03-25T13:47:14.087", "sourceIdentifier": "securities@openeuler.org"}