发布时间: 2024年2月8日
修改时间: 2024年10月31日
In versions 1.3.0-1.4.1 of the ceres software package, the execute_shell_command function does not properly verify or filter the command or subcommand parameters entered by users. This allows an attacker to exploit the vulnerability by injecting malicious code and execute arbitrary commands locally. Attackers can exploit this vulnerability to perform unauthorized operations, which may cause severe security threats and losses to the system.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | High | |
| Attack Vector | Local | |
| CVSS评分 | N/A | 7.3 |
| Attack Complexity | Low | |
| Privileges Required | Low | |
| Scope | Unchanged | |
| Integrity | High | |
| User Interaction | Required | |
| Availability | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2024-1490 | aops-ceres security update | 2024年2月8日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-5A | aops-ceres | Fixed |
