CVE-2024-24892
Unauthorized RCE in migration-tools
Public Exploits: 0
Exploited in Wild: -
Descriptions
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection, Restful Privilege Elevation. This vulnerability is associated with program files https://gitee.com/openeuler/migration-tools/blob/master/index.py.
This issue affects migration-tools: from 1.0.0 through 1.0.1.
SSVC
- Decision: Track
Timeline
- 2024-02-01 CVE Reserved
- 2024-03-25 CVE Published
- 2024-03-25 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- CWE-269: Improper Privilege Management
CAPEC
- CAPEC-58: Restful Privilege Elevation
- CAPEC-248: Command Injection
References (2)
URL | Tag | Source |
---|---|---|
https://gitee.com/src-openeuler/migration-tools/pulls/12 | | |
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1275 | | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
OpenEuler | Migration-tools | >= 1.0.0 <= 1.0.1 | en | Affected |