CVE-2014-3593 — Code Injection in Luci

CWE-94 — Code Injection CWE-77 — Command Injection4 documents4 sources

Severity

6.0MEDIUMNVD

EPSS

0.3%

top 47.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Scientificlinux Luci

Timeline

PublishedOct 15

Latest updateMay 17

Description

Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages1 packages

▶NVDscientificlinux/luci0.26.0

🔴Vulnerability Details

GHSA

GHSA-v57g-j4xw-h383: Eval injection vulnerability in luci 0↗2022-05-17

▶

📋Vendor Advisories

Red Hat

luci: privilege escalation through cluster with specially crafted configuration↗2014-10-14

▶

💬Community

Bugzilla

CVE-2014-3593 luci: privilege escalation through cluster with specially crafted configuration↗2013-07-26

▶