CVE-2024-24899

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-zeus on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/aops-zeus/blob/master/zeus/conf/constant.Py. This issue affects aops-zeus: from 1.2.0 through 1.4.0.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gitee.com/src-openeuler/aops-zeus/pulls/107
https://gitee.com/src-openeuler/aops-zeus/pulls/108
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1291
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1292
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1293
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1294

Configurations

No configuration.

History

25 Mar 2024, 13:47

Type	Values Removed	Values Added
Summary		(es) La neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo ('inyección de comando del sistema operativo') en openEuler aops-zeus en Linux permite la inyección de comando. Esta vulnerabilidad está asociada con archivos de programa https://gitee.Com/openeuler/aops-zeus/blob/master/zeus/conf/constant.Py. Este problema afecta a aops-zeus: desde 1.2.0 hasta 1.4.0.

25 Mar 2024, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-25 07:15

Updated : 2024-03-25 13:47

NVD link : CVE-2024-24899

Mitre link : CVE-2024-24899

CVE.ORG link : CVE-2024-24899

JSON object : View

Products Affected

No product.

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2024-24899", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "securities@openeuler.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-03-25T07:15:50.560", "references": [{"url": "https://gitee.com/src-openeuler/aops-zeus/pulls/107", "source": "securities@openeuler.org"}, {"url": "https://gitee.com/src-openeuler/aops-zeus/pulls/108", "source": "securities@openeuler.org"}, {"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1291", "source": "securities@openeuler.org"}, {"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1292", "source": "securities@openeuler.org"}, {"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1293", "source": "securities@openeuler.org"}, {"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1294", "source": "securities@openeuler.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "securities@openeuler.org", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-zeus on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/aops-zeus/blob/master/zeus/conf/constant.Py.\n\nThis issue affects aops-zeus: from 1.2.0 through 1.4.0.\n\n"}, {"lang": "es", "value": "La neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo ('inyecci\u00f3n de comando del sistema operativo') en openEuler aops-zeus en Linux permite la inyecci\u00f3n de comando. Esta vulnerabilidad est\u00e1 asociada con archivos de programa https://gitee.Com/openeuler/aops-zeus/blob/master/zeus/conf/constant.Py. Este problema afecta a aops-zeus: desde 1.2.0 hasta 1.4.0."}], "lastModified": "2024-03-25T13:47:14.087", "sourceIdentifier": "securities@openeuler.org"}