CVE-2013-4482: Luci vulnerability

4 documents, 4 sources
Severity
6.2 MEDIUM (NVD)
EPSS
0.1%
top 79.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 23
Latest update: May 14

Description

Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories.

CVSS vector

AV:L/AC:H/C:C/I:C/A:C
Exploitability: 1.9 | Impact: 10.0

Affected Packages: 1 package

Also affects: Enterprise Linux 6.0

🔴 Vulnerability Details

1
GHSA
GHSA-f585-5p5j-mvf8: Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0 (2022-05-14)

📋 Vendor Advisories

1
Red Hat
luci: paster hidden untrusted path and "command" (callable association) injection (2013-11-20)

💬 Community

1
Bugzilla
CVE-2013-4482 luci: paster hidden untrusted path and "command" (callable association) injection (2013-07-30)