发布时间: 2024年3月15日
修改时间: 2024年10月31日
In aops-zeus software versions 1.2.0~1.4.1, there is a vulnerability in the plugin management command of the zeus/conf/constant file. Through this vulnerability, an attacker can implant arbitrary commands to be executed on the remote host, which may cause the remote host system to crash, suffering serious consequences of security threats and losses.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | High | |
| Attack Vector | Network | |
| CVSS评分 | N/A | 7.2 |
| Attack Complexity | Low | |
| Privileges Required | High | |
| Scope | Unchanged | |
| Integrity | High | |
| User Interaction | None | |
| Availability | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2024-3722 | aops-zeus security update | 2024年10月22日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-5 | aops-zeus | Fixed |
| KY3.5.2 | aops-zeus | Fixed |
