CVE-2009-4261
published 2009-12-21


Priority: P340 high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EPSS: 3.28% (86.9th percentile)
Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0~rc2 allow (1) remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API (RAPI) and allow (2) local users to execute arbitrary programs and gain privileges via a crafted external script name supplied through a gnt-* command, related to "path sanitization errors."

Affected

14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ganeti | < ganeti 2.0.5-1 (bookworm) | ganeti 2.0.5-1 (bookworm) |
| roman_marxer | ganeti | | |
| roman_marxer | ganeti | | |
| roman_marxer | ganeti | | |
| roman_marxer | ganeti | | |
| roman_marxer | ganeti | | |
| roman_marxer | ganeti | | |
| roman_marxer | ganeti | | |
| roman_marxer | ganeti | | |
| roman_marxer | ganeti | | |
| roman_marxer | ganeti | | |
| spi-inc | ganeti | >= 0 < 2.0.5-1 | 2.0.5-1 |
| spi-inc | ganeti | >= 0 < 2.0.5-1 | 2.0.5-1 |
| spi-inc | ganeti | >= 0 < 2.0.5-1 | 2.0.5-1 |

CVSS provenance

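| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | LOW | |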