CVE-2015-5242

CWE-94 — Code Injection5 documents5 sources

Severity

6.0MEDIUM

EPSS

1.2%

top 21.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Gluster Storage

Timeline

PublishedNov 25

Latest updateMay 17

Description

OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs).

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages1 packages

▶NVDredhat/gluster_storage3.1

🔴Vulnerability Details

GHSA

GHSA-864h-cmr8-fpc7: OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authen↗2022-05-17

▶

CVEList

CVE-2015-5242: OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authen↗2015-11-25

▶

📋Vendor Advisories

Red Hat

swiftonfile: use of insecure Python pickle for metadata serialization and storage↗2015-10-20

▶

💬Community

Bugzilla

CVE-2015-5242 swiftonfile: use of insecure Python pickle for metadata serialization and storage↗2015-09-01

▶